
Cyber Crime e Book (2)

This book is dedicated to the late Dr. Inderjeet Singh Brar and aims to empower readers with knowledge about cybersecurity, addressing fears and misconceptions surrounding cyber scams. It combines real-life stories, case studies, and practical advice to help individuals navigate the digital world safely. The author, Prof. Charru Malhotra, encourages readers to engage with the content and contribute their own experiences to further the cause of cyber safety.

Uploaded by

asmita123hadole

This book is released in the warm memory of

Late (Dr.) Inderjeet Singh Brar


… a Cyber Security Stalwart!

He unexpectedly left us alone on September 27, 2024.

“Dr. Brar! Seeing the digital world through your eyes would keep me driven
to make it a safer place for everyone. I pledge to take forward your good
work in cybersecurity to make Bharat a #CyberSafeCountry for All!”

Dedicated to My Inspiration
My Papa - Er. B.C. Shiv

Dear Papa - You have been my Rock Star and my Rock of Gibraltar too!

Your unwavering belief in me has given me the strength to pursue my passion of
reading, writing and teaching! I can’t thank you enough!!

Foreword
It was February 3, 2017. I still remember the day. An elderly officer approached me after attending
one of my workshops on Digital Transformation. With deep concern, he asked, “Professor, I’ve
enjoyed learning about Emerging Technologies from you, but I am still confused. We keep hearing
about so many cyber-scams in the digital world. If I don’t know how to protect myself from these, how
can I adopt digital technologies safely? Can you help?” His question struck me deeply. Here was
someone who had spent years navigating huge professional responsibilities and life’s
complexities, yet the digital world posed hitherto unknown challenges for him.

This wasn’t an isolated incident. Teaching senior government officers and working on “Digital for
Development” endeavours for the last 33 years of my life, I have heard such concerns around cyber scams
vocalised in almost all of the 10,000 technology sessions that I would have conducted in the last
seven years of my career. Such queries, frustrations and fear of cyber-scams have been vocalised
by the majority of the 1,00,000 participants that I would have taught in the last 7 years. And this fear of
cyber scams is irrespective of whom I have been teaching - learned senior officials, bright-eyed
eighteen-year-olds, leading corporate employees, city mayors, school / university teachers
and even seasoned Chief Information Security Officers (CISOs). The undertones of frustration and
fear in my audience's voices kept gnawing at my head till it almost became a loud message …

“Attempt to make a difference and propel a cyber-sensitisation drive for one and all by writing a
book. And let this book not just be another technical guide filled with jargon, but something more
relatable—a conversation starter for all”

Lo and behold, the idea of this book was born!

It was very clear. This book should be like a dear friend guiding dear readers through the maze of
cyber security in a simple and empathetic manner- without being preachy or technical.

Therefore, I threaded together real-life cyber-scam stories, popular case studies, and practical
advice in very simple words. The majority of the examples and cases mentioned in this book are
cyber-scam instances that have actually happened and were shared with me while seeking help or were
reported in popular newspapers and on trusted social media handles. As a result, this book
refers to true cyber-scams happening around each of us and is for each and every one who wants
to stay #cyber safe from #CyberChor!

(CyberChor is a term I have coined to refer to that CyberChor, the rogue actor who is lurking in dark
corners of cyber-spaces and watching us intensely, waiting for us to make just one silly mistake. It is for
ease of referencing that in this book CyberChor has been referred to with the pronouns “he/him/his”, but
CyberChor in real life could also be a “she/her/hers” or “they/them”.)

My only hope is that by the end of this book, my readers should feel more empowered to navigate
the digital world safely. If you read this book patiently, paragraph by paragraph, every day,
I am sure that by the end of the book no CyberChor would ever harm you. The cyber awareness would
gradually permeate your daily routine, make you more aware, guarded and empowered to
‘smell’ potential scams and, like invisible protective armour, shield you from the harms of
cyber-attacks.

In my own little way, through this book, I also want to educate my dear readers about all the efforts
of the Government of India (GoI) to cyber-secure each of us.

The comfort is that if the terror and effect of a cyber-scam can be permanent, so can be our book-
series on cyber safety.

Yes, Dear Readers – You heard me right! This attempt is just the first in the series. Your emails
shall propel me to further curate the next book in this series. It would really help, if you would
read and review this book. I eagerly await constructive changes from you. You can also share your
own cyber-stories with me. Appreciate my intent and my cause and feel free to connect with me
at my email ( [email protected] ).

Thank you for joining me on this journey.

Happy Readings and Warm Regards,

Charru
(Prof. Charru Malhotra, Ph.D. - IIT-D)

Acknowledgements
This book wouldn’t have been possible without the love, support, and encouragement of
some very special people in my life. The list is topped by my amazing children, Darshi and
Udbhav – who have watched me pour my heart into my work. Your patience and
understanding have meant the world to me. Thanks for patiently ‘parenting’ me!

My heartfelt gratitude to our beloved Director General at Indian Institute of Public
Administration (IIPA), Shri S.N. Tripathi (IAS), whose mentorship and unwavering
support have been quite instrumental in bringing this project to life. Indeed, I’m extremely
grateful for the guidance you’ve provided all of us at IIPA.

I owe a word of gratitude to my team members Jyoti Gujral (Consultant), Infographic
Team (Kartik, Ayush), who dreamt my dream through their eyes. All the roadblocks in my
professional journey miraculously disappeared under the watchful eyes of Henry, Tina,
Mina, Pinkie, my ‘Golden Girls’ and ‘My Owns’. All of you went above and beyond to help
shape this book, and I couldn’t have done it without all of you.

To all our APPPA officers and my countless students/participants from all over the
world—thank you for your curiosity and the countless conversations we’ve shared about
cybercrime and cyber hygiene. Your questions and insights have initiated me and helped
me to curate this book.

Thanks, Dear Publishers for accepting my manuscript with full gusto!

My Dear Reader - my Fellow Learner: I humbly fold my hands and profusely thank you
for taking the time to embark on this journey with me. Your willingness to learn and
engage with these topics is what makes all the effort worthwhile.

Feel free to give your constructive feedback on my email ([email protected] ).


Contents

Dedicated to My Inspiration
Foreword
Acknowledgements
List of figures
Terms of Glossary

Chapter 1: The CyberChor: Understanding the Phenomenon
1.1. Busting Common Misconceptions (Figure 4) About Cybersecurity and Cyber Hygiene
1.2. Why Everyone Gets Scammed: The UGC Framework
1.3. UGC Reasons Behind Falling in Trap of CyberChor (Figure 9)
1.4. Are You Cyber-Vulnerable? — A Quick Self-Check

CHAPTER 2: Cybercrime Playbook: Why You’re a Target and How Attacks Happen
2.1. Who Gets Targeted, Who Attacks, Why and How?
2.2. How a CyberChor Attacks - Attack Vectors and Hacking Techniques
2.3. CyberChor Playbook: Top 10 Deceptive Tactics
2.4. The Illusion of Free Offers: Understanding Hidden Costs

CHAPTER 3: How Cyber Scammers Trick You in Daily Life?
3.1. Common Tricks Used by CyberChors
3.2. Scams in Disguise: Tricks That Blend into Your Day
3.3. Top Five Daily Scams You Might Fall For

Chapter 4: Cyber Kavach: Build Protection for Social Media, Devices & More
4.1. Introduction: What is Social Media?
4.2. Different Types of Social Media (Figure 21)
4.3. The Risk of Social Media
4.4. Red Flags to Note
4.5. Impersonation Scams on Social Media: The Rajasthan Gang Example
4.6. Common Cyber Frauds Related to Social Media
4.7. Reporting Cyber Crimes (for more details please refer to Chapter 6)
4.8. The Solution - Securing Your Social Media
4.9. What to Do If You Are Cyberbullied/ Cyber Trolled
4.10. Key Learnings for Securing Your Social Media
4.11. “Your 5-Minute Digital Lockdown” – A Quick Cyber Safety Routine
4.12. “Cyber Kavach for Families” – A Smart Home Cyber Plan
4.13. Social Media Security Checklist: Do’s & Don’t
4.14. What's Coming Next - Safeguarding Your Digital Future

Chapter 5: Safe Online Financial Transactions
5.1. Types of Online Financial Transactions
5.2. Challenges of Online Banking
5.3. How Online Financial Transactions Hit Our Daily Lives
5.4. Challenges of Online Financial Transactions
5.5. Common Cyber Frauds Related to Online Financial Transactions
5.6. Digital Financial Transaction Fraud – Types (Figure 40)
5.7. Alert on Fraudulent Loan Offers – Cyber Dost’s Important Warning
5.8. The Solution – Overcome GULF and Secure Your Financial Transactions
5.9. Important Guidelines to Avoid Falling Victim to Cyber Frauds
5.10. What to Do If Your Bank Account Is Compromised?
5.11. Reference Guide to Stay Safe with Your Finances Online
5.12. Password Security and Best Practices
5.13. Way Forward

Chapter 6: Guide to Reporting and Preventing Cybercrimes - Steps and Best Practices
Section 6.1 Quick and Easy Steps to Lodge a Cybercrime Complaint
Section 6.2 How to File a Complaint by Email?
Section 6.3 How to File a Complaint if the Victim is a Woman or Child?
Section 6.4 How to File a Complaint about Cyber-Financial Frauds?
Section 6.5 Actions to Take When Someone Loses Their Mobile Phone
Section 6.6 What to do if phone is lost and Google Pay/Paytm and Phone Pay is still active?
Section 6.7 How to Use Chakshu Portal to Report Fraud Spam Calls, Messages?
Section 6.8 How to Approach Consumer Court for Cybercrime?
Section 6.9 How to Report Cyber Abuse on Social Media?
Section 6.10 Lodging a Cyber Crime Complaint on the National Cyber-Crime Portal
Section 6.11 Simple Ways to Stay Safe Online & Avoid Cyber Scams
Section 6.12 Beware of OTP Theft Through Merged Calls & Fake Screenshots
Section 6.13 Legal Provisions for Cybercrime Prevention and Reporting
Section 6.14 Summary of Key Provisions in BNSS, IPC, and IT Act for Cybercrime:
Section 6.15 Some of the Initiatives by the Government of India to Prevent Cybercrimes
Section 6.16: Some of the Initiatives by Government of India to Build Cyber Safe Bharat
Section 6.17: India’s Cyber Shield: 7 Zonal Teams to Tackle Digital Crime
Section 6.18: RBI’s New Rules to Protect You from Financial Fraud
Section 6.19: Rising Importance of Cyber Insurance in Digital Era

Annexure A: Scam Alerts — Do’s & Don’ts You Must Know

List of figures
Figure 1 Exponential Growth of Cyberattacks in India
Figure 2 Rising Cybercrimes in India
Figure 3 Overview of Book
Figure 4 Myths About the Cybersecurity
Figure 5 Mother of All Myths and Misconceptions
Figure 6 UGC Acronym
Figure 7 Aadhaar Masking
Figure 8 Steps to Generate Masked Aadhar
Figure 9 UGC reasons behind falling into the trap of CyberChor
Figure 10 RIMS: Protect What Matters in Cybersecurity
Figure 11 Cyber Threat Landscape details
Figure 12 4 Simple Ways To Learn English Effectively
Figure 13 Cyber Manipulation Tactics: Beware of Saam, Daam, Dand, Bhed
Figure 14 Types of Malware
Figure 15 How CyberChor Attacks
Figure 16 Top 10 Most Common Trick used by CyberChor
Figure 17 Scam Trap
Figure 18 Protective Measures
Figure 19 Common Tricks used by CyberChor
Figure 20 Social media Examples
Figure 21 Types of Social Media
Figure 22 Red Flags
Figure 23 Frauds related to Social Media
Figure 24 Romance Scam
Figure 25 Protecting Yourself
Figure 26 Real Horrifying Incident: Fake WhatsApp Lottery Scam in 2020
Figure 27 Real Horrifying Incident: COVID-19 Misinformation During the Pandemic
Figure 28 Social Engineering
Figure 29 Bot
Figure 30 Fake Mails
Figure 31 Safe Online Financial Transaction
Figure 32 Convenience of Online Banking
Figure 33 Types of Online Financial Transaction
Figure 34 Problems with Online Banking
Figure 35 Challenges of Online Banking
Figure 36 Skimming Attacks
Figure 37 Fake Cashback Links
Figure 38 QR Phishing Attack
Figure 39 UPI Frauds
Figure 40 Common Financial Cyber Threats
Figure 41 Cyberdost
Figure 42 Real-Life Incident: Retired Bank Employee Scammed
Figure 43 Kanishk Gaur Tweet
Figure 44 Fake Digital Arrest
Figure 45 Greed, Urgency and Fear (GULF)
Figure 46 VPN Approach
Figure 47 Verification, Pause and Validate (VPV) Approach
Figure 48 Safe Practices for Online Banking
Figure 49 Immediate steps to be taken for Bank Account
Figure 50 NIST Password Guidelines
Figure 51 How to File a Cyber Crime Complaint (Source: IIPA)
Figure 52 RBI's banking ombudsman
Figure 54 Banks Defeat the ‘Zero Liability Policy’ to the E-mail Complaints
Figure 53 WHAT to do if one is a victim of a Financial Fraud
Figure 55 When and How to Approach an RBI Banking Ombudsman (Source: IIPA)
Figure 56 Google Find My Device
Figure 57 Citizen Centric Services
Figure 58 Steps to Follow in Case of a Lost Mobile Phone (Source: IIPA)
Figure 59 Filing a complaint on National Cyber Crime Reporting Portal
Figure 60 Registering a New User on the National Cyber Crime Reporting Portals
Figure 61 To track the complaint status (Source: National Cyber Crime Reporting Portal)
Figure 62 Security of India's Digital Landscape
Figure 63 Homepage of Cybercrime.gov.in
Figure 64 Homepage of Consumerhelpline.gov.in
Figure 65 Homepage of Cybercrime Reporting Portal
Figure 66 Homepage of Sancharsaathi.gov.in
Figure 67 Security Tools as Advised by Cyber Swachhta Kendra
Figure 68 Homepage of Cyber Coordination Centre (CyCord) portal
Figure 69 Various ISEA Programs Listed on Homepage
Figure 70 Homepage of Cyber Surakshit Bharat Programme
Figure 71 Key Elements of IT Act, 2000
Figure 72 Homepage of National Critical Information Infrastructure Protection Centre
Figure 73 Various Critical Information Infrastructure
Figure 74 National Cybercrime Forensic Laboratory
Figure 75 Screenshot of Homepage of Data Security Council of India
Figure 76 Homepage of BPR&D
Figure 77 The Nation's Frontline Cybersecurity Force

Terms of Glossary

Term: Definition

Artificial Intelligence: The ability of a computer or robot controlled by a computer to perform tasks that usually require human intelligence and discernment.
Backup: A copy of computer data stored elsewhere to restore the original after data loss.
Bandwidth: The maximum rate of data transfer across a given path in computing.
Big Data: Extremely large data sets that can be analyzed computationally to reveal patterns, trends, and associations.
Biometrics: Automated technologies for authenticating and verifying human body characteristics such as fingerprints and facial patterns.
Bots: Computer programs that perform automatic, repetitive tasks designed to mimic or replace human behavior.
Browsing History: A list of web pages visited by a user, along with associated metadata like the time of the visit.
CIA Triad: A security model based on three principles: Confidentiality, Integrity, and Availability.
Cryptocurrency: Digital or virtual currency secured by cryptography, making it impossible to counterfeit or double-spend (e.g., Bitcoin, Ethereum).
CyberChor: A term used by me in the book to describe CyberChor or hackers who exploit online vulnerabilities to commit crimes.
Cyberbullying: Bullying or harassment conducted through digital platforms, often involving spreading unpleasant or harmful content about someone.
Cyberspace: The global domain within the information environment consisting of the internet, telecommunications networks, and computer systems.
Cyberstalking: A crime where a victim is harassed using digital communication tools like email or social media.
Dark Web: A hidden part of the internet that needs special software to access, often used for secret (illicit) activities and private communication.
Data Breach: Unauthorized access to confidential data, such as financial information or medical records.
Decryption: The conversion of encrypted data into its original, readable form.
Denial of Service (DoS/DDoS): A cyberattack aimed at overwhelming a service to render it unusable by flooding it with traffic.
E-commerce: The buying and selling of goods and services over the internet.
Encryption: The process of encoding information so that only authorized parties can access it.
Firewall: A security system that controls data flow between networks to protect against external threats.
Hacking: Unauthorized access to data in a computer system.
Identity Theft: Stealing someone's personal information to impersonate them for fraudulent purposes.
Juice Jacking: A type of cyberattack where malware is installed on a device via a compromised charging station.
Malware: Malicious software designed to damage or gain unauthorized access to computer systems.
Phishing: A method used to trick individuals into providing sensitive information by pretending to be a trustworthy entity.
Ransomware: A type of malware that locks users out of their systems or files until a ransom is paid.
SIM Swap Fraud: A fraud where criminals convince a mobile network provider to transfer a victim's phone number to a SIM card in the criminal's possession.
Smishing: Phishing conducted via SMS text messages.
Social Engineering: Psychological manipulation to trick users into divulging confidential information.
Spam: Unsolicited messages, often sent in bulk via email or social media.
Spyware: Malicious software designed to collect information about a user without their knowledge.
Trojan: Malicious software disguised as legitimate software that, once activated, allows unauthorized access to the user's system.
Vishing: Phishing conducted via phone calls or voice messages.
Worm: A self-replicating malicious program that spreads through networks.

Chapter 1: The CyberChor: Understanding the Phenomenon

The CyberChor: Digital Thieves You Can’t See

Imagine this: You wake up, grab your phone, and start your usual routine—checking
emails, scrolling through social media, or making a quick online payment. Everything
seems normal, right? But what if I tell you that someone might be watching your every
move online, waiting to steal your information?

Every time you enter your password, click on a link, or make a payment, you leave a
digital footprint—just like footprints on a sandy beach. And just like thieves who follow
footprints to steal something valuable, CyberChor (Digital Thieves) follow your online
activities to steal your money, passwords, and personal details.

Sounds scary? Look at the latest news:

• A Bengaluru man lost ₹2.8 crore after accepting a "free" smartphone from scammers
posing as bank officials. The phone was preloaded with malicious apps that
intercepted OTPs and enabled massive financial fraud (20 Jan 2025).

• Woman (homemaker) loses ₹5.6 crore in online investment scam (February 08,
2025) (refer to Chapter 6 to keep yourself safe).

• "SAIL Employee Loses ₹23 Lakh to Cybercriminals Posing as Officials" (December 2024)

• "International Fraud Syndicate Busted: Varanasi Police Arrest Mastermind Linked to
₹98 Lakh Scam" (December 2024)

• “Girl, failed IAS aspirant, arrested for third time for spoofing calls, impersonating
IPS and IFS officers” (Oct 4, 2024)

• “UP woman dies of heart attack after CyberChor lie about daughter’s sex” (Oct 3,
2024)

• “Haryana man loses INR 4 crore to CyberChor after downloading link from
WhatsApp” (Oct 3, 2024)

• “Man loses Rs. 16,000 in dating app scam in Delhi” (Oct 1, 2024)

• “A group Chairman in Punjab lost Rs. 7 crore to online fraudsters” (Sep 30, 2024)

• "Multiple High-Profile Cyber Attacks Hit Major Organizations" (October 2024)
Several well-known companies, including MoneyGram, Casio, ADT Alarms,
Zendesk, ESET, Radiant Capital, Wayback Machine-Internet Archive, Insurance
admin Landmark, Red Barrels, and Pokémon's Game Freak, suffered severe
cyberattacks.

These days, a deluge of threatening SMSs and messages has also become the norm. Consider this SMS I received just a week before sending this manuscript to the publishers:

“Kindly update your delivery location within 12 hours, otherwise we will proceed to return the product: https://indiilapostgovt.icu/in”
Sound familiar? Perhaps you or someone you know has received similar messages:

“Click here to pay or your electricity will be disconnected.”

“Click here to pay your e-challan immediately.”

“Click here to update your address.”

Not a day passes by when such cyber scams are not discussed.
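The warning signs in the messages quoted above (a deadline or threat, and a link whose host only resembles India Post's) can be checked mechanically. The following Python example is added here and is not part of the original book; the allowlist, the pressure-phrase list and the 0.7 similarity threshold are assumptions chosen for illustration, with indiapost.gov.in taken as India Post's official domain.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: domains the reader has personally confirmed as official.
OFFICIAL_DOMAINS = ("indiapost.gov.in",)

# Assumption: pressure phrases taken from the messages quoted in this chapter.
PRESSURE_RE = re.compile(
    r"within\s+\d+\s+hours?|immediately|otherwise|disconnected|expired",
    re.IGNORECASE,
)
URL_RE = re.compile(r"https?://[^\s\"'<>”]+", re.IGNORECASE)
LOOKALIKE_THRESHOLD = 0.7  # assumption: illustrative value, not a standard


def _squash(name: str) -> str:
    """Lower-case and drop dots/hyphens so look-alike spellings line up."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def is_official(host: str) -> bool:
    """True only for an allowlisted domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def closest_official(host: str):
    """Return (official_domain, similarity 0..1) for the nearest allowlist entry."""
    scored = [
        (d, SequenceMatcher(None, _squash(host), _squash(d)).ratio())
        for d in OFFICIAL_DOMAINS
    ]
    return max(scored, key=lambda pair: pair[1])


def assess_sms(text: str) -> list:
    """Return the list of warning signs found in one message."""
    reasons = []
    if PRESSURE_RE.search(text):
        reasons.append("pressure-language")
    for url in URL_RE.findall(text):
        try:
            host = (urlsplit(url).hostname or "").lower().rstrip(".")
        except ValueError:
            reasons.append("unparseable-url")
            continue
        if not host or is_official(host):
            continue
        reasons.append("unlisted-domain:" + host)
        domain, score = closest_official(host)
        if score >= LOOKALIKE_THRESHOLD:
            reasons.append("lookalike-of:" + domain)
    return reasons


# Sample input: the SMS texts quoted in this chapter, plus one constructed
# message that links to the allowlisted domain.
SAMPLES = [
    "Kindly update your delivery location within 12 hours, otherwise we will "
    "proceed to return the product: https://indiilapostgovt.icu/in",
    "Click here to pay or your electricity will be disconnected.",
    "Track your parcel at https://www.indiapost.gov.in/",  # constructed
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(assess_sms(sms), "<-", sms)
```

An empty result only means none of these particular signs were found; a message such as “Click here to update your address.” carries no deadline or visible link and still deserves verification through the sender's official channel.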
The scam alerts from the @CyberDost handle of the Ministry of Home Affairs (MHA), Government of India, regularly caution us about the varying nature of these cyber scams. Some of the recent ones are as follows:

• CyberChor with fake profiles and scam #stock trading group links are following victims on @X (September 30, 2024, @CyberDost)

• “Fake loan apps promise fast cash but deceive” (Sep 27, 2024, @CyberDost)

These scams are not exclusive to 2024; they have been an all-pervasive phenomenon for the last few years (Figure 1).

“Cybercrime: A Growing Epidemic”

Earlier data from several reputed agencies on the proliferation of cybercrime is equally alarming. The following cybercrime snippets, some of which refer specifically to India, affirm this fact:

• “Apple warns iPhone users in India” (April 14, 2024)

• “Generative AI will be used as a tool to mislead the public” (Brad Smith, Microsoft Vice-Chairman, August 25, 2023)

• “Cyber-attacks on mobiles rose 845% in India from October to March” (a study by the cybersecurity firm Check Point, April 14, 2021)

• Nearly 193% rise in cyberattacks in India in 2020 (CERT-In data, March 23, 2021)

• India was the 2nd most cyber-attacked nation in the last three months (a study by the cybersecurity firm Check Point, Oct 6, 2020)

Figure 1 Exponential Growth of Cyberattacks in India

Figure 2 Rising Cybercrimes in India


Cybercrime in India (Figure 2) has skyrocketed over the past few years, with cases rising
from just 26,000 in 2019 to over 1.5 million in 2023. As of April 2024, over 740,000 cases
have already been reported, highlighting how online financial scams have become
alarmingly common. The data reflects a growing need for public awareness and digital
vigilance.
These CyberChor don’t need to break into your house or steal your wallet—they can rob
you while you sit comfortably at home. They use tricks like hacking, fake messages, OTP
scams, and identity theft to fool people. But here’s the good news: You can protect yourself!
This book (Figure 3) will cover the following:

Figure 3 Overview of Book

It’s time to fight back against CyberChor and take control of your digital safety. Are
you ready? Let’s get started! 🚀

Why You Should Care?

Because we live in a hyper-connected world! Whether you're tending bank accounts or surfing for news and information on the grapevine, your data is important to CyberChor. As a result, many enthusiastic individuals are eager to embrace the digital world but hesitate because of risks they don’t fully comprehend. This book wants to arm you with the fundamentals of cyber hygiene so that you may protect yourself and your family from any harm emerging from cyber scams. However, before proceeding on this exciting journey, let us together dispel some common myths that might have made us either over-complacent or too fearful in the digital world.

“You may wonder — how serious is the problem, really? The numbers say it all.”

Cybercrime is not just growing — it’s becoming more effective. In 2024, a significantly
higher percentage of scam victims actually lost money, and the total losses reached
alarming levels.

Metric | 2023 | 2024 | % Increase
% of fraud reports involving financial loss | 27% | 38% | 🔺 +11%
💸 Total loss to investment scams | $4.6 billion | $5.7 billion | 🔺 +24%
🎭 Total loss to imposter scams | $2.6 billion | $2.95 billion | 🔺 +13%

💱 Most damaging payment methods:


In 2024, bank transfers and cryptocurrency payments accounted for more losses than all
other methods combined.

Insight:
The internet has made investing easier — but also made it easier for scammers to target
beginners, especially those with limited financial knowledge or digital literacy.

Note: These figures do not include smaller-scale scams, such as social media influencers
promoting hyped or fake products.

Source: Based on compiled industry fraud reports and consumer protection data (2024).

1.1. Busting Common Misconceptions (Figure 4) About Cybersecurity and Cyber Hygiene

a) Misconceptions Among Elderly

Many elderly individuals feel understandably uneasy about learning new digital technologies or even the basics of cyber hygiene. This discomfort often stems from their unfamiliarity with these technologies, and the following misconceptions arise:

• “I'm not technical, I can't protect myself”: Very often older people feel that cyber security requires a high level of technical expertise.

• “It’s my government’s responsibility and not mine”: One popular misconception is that cyber security is the responsibility solely of authorities or big companies.

• “I haven't gone online/offline, so I'm not at risk”: Many older people think that because they are not actively using the Internet, they're safe from cyber threats.

Dear Seniors,

Please understand that CyberChor are targeting your daily-life concerns as a senior citizen. For instance, you could be concerned about investing your life savings, or about your waning health and withering looks, or it could be sheer empty-nest syndrome that leads to loneliness and boredom. Therefore, personal vigilance is very important for you to safeguard your lifetime savings. Even an occasional online activity such as ‘hailing a cab’, ‘searching on the Internet’ or watching a movie online can expose you to CyberChor. Therefore, while going about your routine life, you must adopt some basics of cyber hygiene in your digital life. The book intends to address your cyber concerns by providing very simple, step-by-step guidelines to stay cyber-safe. And yes, the government too is doing its bit to ‘protect you’, but if you don’t know about these initiatives, how would you use them to your advantage? This book intends to tell you about them.

Online Scams Targeting Senior Citizens: A Psychological Game

Our dear seniors, today’s online scams come in many different forms, and scammers
are crafty in their approach. They don’t just use technology—they play mind games,
too. These scammers are skilled at building trust or creating fear to manipulate you,
often targeting your hard-earned money by preying on common concerns.

This game of scams isn’t only about using advanced tech; it’s also a psychological game.
CyberChor know how to trick the mind, especially when they sense vulnerability,
making it even more important to stay alert and act wisely.

This vigilance is your strongest defence against these traps.

Real-Life Example

Real Incident: Cyber Fraud Turns Fatal for Elderly Couple

In February 2025, a heart-breaking incident from Karnataka shocked the nation. An elderly couple lost over ₹50 lakh to a cyber-fraud. Devastated by the financial loss and mental trauma, they tragically took their own lives. According to reports, they were manipulated into transferring funds through a sophisticated cyber scam.

“They kept it to themselves. They didn’t know how to recover the money or whom to
approach for help,” said a relative.

This incident is not just a statistic — it’s a warning. Scams today aren’t just about
money. They take a toll on our mental and emotional well-being, especially for senior
citizens who may not know where to turn.

Let this story remind us: cyber hygiene isn’t optional anymore — it’s a lifeline.

b) Misconception Among Homemakers

People who are always home-bound feel that there is no need for them to know anything about the basics of cyber hygiene or cyber security. They hold misconceptions similar to those of the elderly:

• “I only do relatively simple things on the web, so why bother about cyber security”: Elderly people and homemakers use the Internet to shop online, read news or watch short video snippets on social media. They may think that these activities are relatively ‘harmless’.

My Dear Homemakers: Please don’t be complacent in thinking that, because you do not rely on digital technology for banking or any professional work, you are not exposed to cyber risks. Because of this misconception, your guard could go down, and hence the chances of you being cyber-scammed go up.
c) Misconceptions Among Professionals

On the other end of the spectrum are professionals who possess basic computer and Internet skills, or are trained or technology-savvy individuals; some of these professionals too tend to become careless with basic cyber hygiene practices.

I. “I know everything about the Internet, so I’m safe”: There is a common misjudgment among the majority of such professionals that they are ‘intuitively safe’ from cyber scams. This overconfidence blinds them and can become their Achilles’ heel, especially since the cyber threat landscape is evolving faster than they could ever imagine.

II. “I have enough cyber security/technology professionals in my office to ‘guard’ me”: I have seen and heard lots of experts mumbling, “This is not my domain; there are others in my office to help us with this”. This is another kind of neglect, or maybe over-complacence, amongst certain senior professionals that may ‘kill the cat’. Yes, dear friends, I am right! CISOs (Chief Information Security Officers) in your offices surely keep your office networks and connected devices safe, but your cyber-safety is your own responsibility and not that of your office staff or of your CISOs.

My Dear Professionals: Let me gently nudge you that in this book, we are trying to learn the basic cyber hygiene practices that you need to know to safeguard your own mobile phones, your own net banking accounts, your social media handles, and yes, your own digital identity too. I am a trained CISO and a CISO trainer too, and I am very sure that after reading this book and following its basic tips, you will become wiser about the basics of cyber scams. Thereafter, you will be better placed to share this basic cyber wisdom with your own CISOs too, who might otherwise be very busy grappling with the bigger cyber security issues and risks assailing your networked organization.

d) Misconception Among Youth

Akin to professionals, some young people too can be dismissive of cyber security risks. Their misconceptions are a result of being merely ‘job-seekers’ or of being ‘over-confident’, as they have grown up in the digital era, which gives them a false sense of security.

• “I’m not making money yet, so I don’t need to worry”: Many young people believe they don't need to learn cyber hygiene practices because they aren't undertaking any substantial financial transactions.

• “I only use social media and gaming platforms, so it doesn’t matter”: Their overconfidence blinds them to the growing sophistication of the phishing, malware, and social engineering attacks that can trap them.

My Dear Young Friends: Even if you’re not earning at the moment, someone might be supporting you financially. Therefore, do not ignore the fact that your digital carelessness can easily lead a CyberChor to your parents’ or guardians’ bank accounts or email addresses, or maybe to their physical location too. You may consider gaming and social media to be safe leisure activities, and yet carelessness in any of these could lead to your ‘identity theft’ (where you can get penalized for a crime that you never committed) or to ‘juice-jacking’ of your device (where you unwittingly lose your contact lists or other precious data). You could even be victimized by your foes through cyber-trolls, or be cyber-bullied or cyber-stalked on social media. Trust me, knowing and learning how to be cyber-safe is far easier than bearing the agony of any of these cyber-scams.

Figure 4 Myths About the Cybersecurity


So, the biggest myth (Figure 5) is that “I can never be scammed”.

Figure 5 Mother of All Myths and Misconceptions

Isn’t it a matter of shock how everyone, irrespective of their age, profession, or profile
can get scammed so easily? Let’s try to understand why.

1.2. Why Everyone Gets Scammed: The UGC Framework


I firmly believe that only two types of people exist on this earth now –

• firstly, those who have already been scammed

• and secondly, those who might soon be scammed.

People often get scammed for a few common reasons, which we can sum up in the acronym UGC (Figure 6).

Figure 6 UGC Acronym

Let us together unravel what traits are represented by UGC that make the majority of
us prey to cyber scams:

a) Unaware - Not Staying Up to Date: Most of us stay unaware of the latest methods and scams, which CyberChor regularly upgrade to ‘harvest’ our personal details that are either lying scattered in cyberspace or extracted out of us.

You don’t believe me? Let me show you how “Unawareness” makes us victims.

For instance, you receive an e-mail from your favourite Internet shopping site stating that your account has some issues. An unaware you would treat it as an ordinary e-mail pointing out a ‘routine maintenance issue’ with your account that needs to be resolved. An unaware you never questions its authenticity and gratefully clicks where suggested. As a result, you inadvertently land on a fraudulent site that intends to ‘verify’ you by asking for your username and password. You do not hesitate even once before entering them. Alas! With just one click, you end up putting your complete ‘digital identity’ into a CyberChor’s hands.

Situations like these happen to you because you were not aware of ‘phishing’ scams and much more.

b) Gullible - Trusting the Wrong People: CyberChor can be very convincing. They have been ‘trained’ to emotionally connect with us and then exploit us. To do so, they adopt various strategies to ‘extract’ personal information from you. For example, they might pretend to be someone you trust: your co-worker, your family members (thanks to ‘deep fakes’ that make them sound or look like them), a senior government official or maybe someone trusted from your contact lists.

For example, you get a call from a ‘friendly’ customer-care bank employee who ‘coaxes’ you to urgently redeem your reward points before the ‘offer closes’. Trusting this ‘kind’ person, you would quite likely get ‘emotionally blackmailed’ into acting quickly and, without a moment's reflection, click on the link that he shares with you in an SMS. This one click seals your digital fate.

c) Carelessness - Not Realizing the Risks: Sometimes, we carelessly hand over our personal documents such as our Aadhaar cards at booking counters, or even carelessly speak our personal information, such as our passwords or credit card numbers, aloud in crowded places, wrongly presuming "What can go wrong?" But for CyberChor, each of these tiny pieces of your sensitive personal information can really add up to create your complete digital profile, making you a repeat victim in the hands of not just one but maybe multiple CyberChor. Please also know that your sensitive personal information is sold to multiple CyberChor in a dark internet market, also known as the “Dark Web”.

Before you deny that you have ever been careless, let me recount one cyber-scam that was initiated by the carelessness of a dear childhood classmate of mine.

‘Queenie’ (name changed to protect her) got a “hello” on a popular social media platform from another old buddy of ours; let’s call her ‘CC’. After exchanging preliminaries on the chat, CC asked Queenie to write down her email password for retrieving an old school-time account. Since Queenie was thrilled to be contacted by CC, she got careless and happily shared it with CC. In that moment of euphoric carelessness (at having been reached out to by our old classmate after ages), not even once did Queenie realize that it was not our dear old buddy ‘CC’ on the other end but actually a CyberChor. The fact was that CC’s social media account had been hacked by a CyberChor, who was now trying to wriggle into Queenie’s email account by asking her for her e-mail password. This Chor, once he got access to Queenie’s email account, reset the passwords of all of Queenie’s other accounts connected to this hacked email, such as her bank account and her social media account!

Indeed, one moment of carelessness could cause you mental duress for a long time!
Protecting Your Identity with Masked Aadhaar
Now that we understand the traits that make us vulnerable to scams, let’s talk
about a proactive way to protect ourselves—especially our digital identity. One of
the key elements that a CyberChor might try to exploit is your Aadhaar number,
which, if accessed, can lead to severe identity theft and fraud. Just as a slight slip in
awareness, gullibility, or carelessness can expose us to CyberChor, so can sharing
sensitive details like Aadhaar without adequate protection.
Here’s where Masked Aadhaar (Figure 7) comes to your rescue! This feature
allows you to share a safe version of your Aadhaar card, where only the last four
digits are visible. The first eight digits are replaced by asterisks (**** ****), adding
a layer of security by keeping your full Aadhaar number concealed. Sharing this
safer version can prevent identity theft and fraud when Aadhaar is requested for
verification purposes, such as during hotel check-ins or casual transactions.
Just as the CyberChor preys on your "UGC" traits, using Masked Aadhaar is a smart,
easy way to stay one step ahead. It keeps your information secure by reducing
unnecessary exposure to your Aadhaar number, protecting both your digital and
financial identity from fraud.
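The same masking can be applied to text or records before they are shared or stored. The following Python example is added here and is not from the book or from UIDAI; it assumes the commonly documented Aadhaar layout (12 digits, first digit 2 to 9, last digit a Verhoeff checksum), follows the asterisk style described above, and uses constructed sample numbers.

```python
import re

# Verhoeff multiplication table (the dihedral group D5).
_D = [
    [0, 1, 2, 3, 4, 5, 6, 7, 8, 9],
    [1, 2, 3, 4, 0, 6, 7, 8, 9, 5],
    [2, 3, 4, 0, 1, 7, 8, 9, 5, 6],
    [3, 4, 0, 1, 2, 8, 9, 5, 6, 7],
    [4, 0, 1, 2, 3, 9, 5, 6, 7, 8],
    [5, 9, 8, 7, 6, 0, 4, 3, 2, 1],
    [6, 5, 9, 8, 7, 1, 0, 4, 3, 2],
    [7, 6, 5, 9, 8, 2, 1, 0, 4, 3],
    [8, 7, 6, 5, 9, 3, 2, 1, 0, 4],
    [9, 8, 7, 6, 5, 4, 3, 2, 1, 0],
]

# Verhoeff permutation table: row i is the base permutation applied i times.
_BASE = (1, 5, 7, 6, 2, 8, 3, 0, 9, 4)
_P = [list(range(10))]
for _ in range(7):
    _P.append([_BASE[d] for d in _P[-1]])


def verhoeff_valid(digits: str) -> bool:
    """True if the digit string (check digit last) passes the Verhoeff test."""
    check = 0
    for i, ch in enumerate(reversed(digits)):
        check = _D[check][_P[i % 8][int(ch)]]
    return check == 0


# 12 digits in groups of four, with the same optional separator (space or
# hyphen) between groups, not embedded in a longer run of digits.
_CANDIDATE = re.compile(
    r"(?<!\d)([2-9]\d{3})([ -]?)(\d{4})\2(\d{4})(?!\d)", re.ASCII
)


def mask_aadhaar(text: str) -> str:
    """Replace the first eight digits of every checksum-valid candidate."""

    def _mask(match):
        first, sep, second, last = match.groups()
        if not verhoeff_valid(first + second + last):
            return match.group(0)  # some other 12-digit value: leave untouched
        return "****" + sep + "****" + sep + last

    return _CANDIDATE.sub(_mask, text)


# Constructed sample: one checksum-valid number, one 12-digit reference that
# fails the checksum, and a 10-digit mobile number.
SAMPLE = (
    "Check-in ID 2345 6789 0124; booking ref 2345 6789 0125; "
    "mobile 9876543210"
)

if __name__ == "__main__":
    print(mask_aadhaar(SAMPLE))
```

The checksum test keeps other 12-digit values from being altered, but a mistyped Aadhaar number also fails it and is left unmasked, so a manual look at the output is still worthwhile.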

Figure 7 Aadhaar Masking


Why Use a Masked Aadhaar?
• Enhanced Privacy: By hiding most of your Aadhaar number, it keeps your identity secure and makes it safer to share for necessary transactions.
• Limits Misuse: With fewer digits visible, unauthorized access to your Aadhaar number is harder, reducing the chances of fraud.
• Easily Accepted: Many institutions now accept Masked Aadhaar for KYC and verification, making it a practical choice.

Steps (Figure 8) to Follow for Generating a Masked Aadhaar

Figure 8 Steps to Generate Masked Aadhaar


Avoid Sharing Aadhaar at Hotel Receptions
Did you know that sharing your Aadhaar card at hotel receptions or in casual settings can put your identity at risk? Advocates advise against it, as hotels may not have the strict security needed to keep your data safe. While hotels often request ID proof, sharing your Aadhaar in such situations can lead to serious risks.
Why Not Use Aadhaar at Hotels?
i. Risk of Data Misuse: Many hotels don’t have secure data handling, so your
personal information could be exposed to unauthorized access.
ii. Identity Theft: Misuse of Aadhaar details could lead to fraudulent bank
transactions, fake accounts, or even loans taken in your name.
iii. Choose Safer Alternatives: Instead, use other ID proofs like a Voter ID,
Passport, or Driver’s License, which carry less sensitive information.
iv. Use Masked Aadhaar: If you must share Aadhaar, use the masked version to
hide most of your number and protect your identity.
v. Limit Sharing: Only share Aadhaar with trusted organizations like government
agencies or banks. Avoid sharing it casually, like at hotels or stores.
vi. Ensure Secure Handling: If you’re sharing Aadhaar, confirm that the
institution has secure data practices, such as encryption and limited access.
Real-Life Example: Aadhaar and PAN Misuse in Thane
In 2024, a businessman in Thane, Maharashtra, received a shocking ₹382 crore tax
notice due to the fraudulent use of his Aadhaar and PAN details. CyberChor used his
information to open multiple bank accounts, conducting illegal activities like money
laundering and tax evasion. This incident shows just how critical it is to keep your
Aadhaar details secure by using Masked Aadhaar and avoiding sharing in unsafe
places.
With Aadhaar-related scams on the rise, using a Masked Aadhaar and avoiding unsafe
sharing can go a long way in keeping your identity secure. These simple steps reduce
your risk of identity theft, financial fraud, and other cybercrimes. Stay vigilant, protect
your Aadhaar, and secure your digital identity.
Protect Your Aadhaar, Protect Your Identity...!

1.3. UGC Reasons Behind Falling in Trap of CyberChor (Figure 9)


Nobody today can afford to ignore basic cyber-hygiene practices. If you still think you
can skip out on these essentials, then you might just be the next target for a CyberChor.
It’s unfortunate, but in the countless cases that have been shared with me, people only
start taking cyber-hygiene seriously after they or someone close to them becomes a
victim of cybercrime. Only then, after the ‘damage’ is done, do they become ultra-
vigilant and experts in all things cyber-hygiene.

Figure 9 UGC reasons behind falling into the trap of CyberChor

Ironically, cyber-frauds themselves have become the biggest teachers, or "catalysts," of cyber-hygiene awareness. But isn’t it so unfortunate? Too little, too late!

So, why wait for a scam to learn the lesson? Let’s all start here and now, being prepared
and staying vigilant to combat cyber-frauds in unison. In today’s digital world, nobody
can afford to be careless or unaware of the endless kinds of cyber-scams lurking
around, or to be naive or gullible to the ‘emotional traps’ set by CyberChor.
We have no choice but to be Cyber-Aware to stay Cyber-Safe...! Right here, right
now...!

1.4. Are You Cyber-Vulnerable? — A Quick Self-Check


Cyber Hygiene Quiz
Take this quick test to assess your digital habits.

📋 Check all that apply:

✅ Question | Your Answer
🔒 I use the same password for multiple websites or apps. | ☐ Yes / ☐ No
📩 I’ve clicked on a suspicious link in an SMS or email before. | ☐ Yes / ☐ No
🆔 I’ve shared my Aadhaar without masking it at public places. | ☐ Yes / ☐ No
📶 I connect to free public Wi-Fi without extra security. | ☐ Yes / ☐ No
🔄 I often skip or delay system updates on my devices. | ☐ Yes / ☐ No
📍 I keep Bluetooth or GPS turned on even when not needed. | ☐ Yes / ☐ No

Result
• 5–6 Yes: ⚠️ High Risk – You need an urgent digital detox!
• 3–4 Yes: 🚧 Moderate Risk – Time to step up your cyber hygiene.
• 0–2 Yes: ✅ Low Risk – Great! But never let your guard down.

🔐 CyberChor only needs one careless click. Stay sharp!
Cyber Careless vs. Cyber Smart – A Tale of Two Choices

📱 Real-life Scenario: You receive this SMS –

“Your KYC has expired. Click here to update immediately.”

 | 🧍 Cyber Careless – Mr. A | 🧍 CyberSmart – Ms. B
Reaction | Clicks the link without checking. | Ignores the SMS and visits her bank's official site.
Next Step | Enters login details on a fake page. | Verifies KYC status via bank’s customer care.
Outcome | Loses ₹75,000 in a phishing scam. | Escapes the scam and reports it.
Lesson | “I thought it was urgent!” | “Always double-check before clicking.”

Key Takeaway

One was reactive. One was informed.

Be CyberSmart — it’s not just smart, it’s safe.
CHAPTER 2: CyberCrime Playbook: Why you’re a Target and How Attacks Happen

Cybercrimes are very real, common, and growing by the day. Every time you go online to watch a small video reel, log into your bank account, or wish anyone “Happy Birthday” on a social media platform, you risk becoming a victim of cybercrime. In general, cybercrimes can be classified as ‘cyber frauds’ or ‘cyber scams’, ‘cyber risks’ or ‘cyber terrorism’, depending on the intensity of the crime and the nature of the target. The words ‘frauds’, ‘scams’, ‘risks’, or ‘terrorism’ say it all to explain the difference. Don’t they?

Let us try to understand these words by taking a cue from their literal meaning. ‘Cyber frauds’ or ‘cyber scams’ are the deceptive practices employed by CyberChor who intend to trick individuals.

But a common underlying thought in your mind could be, “What do CyberChor want from me?”

“I am too ordinary to be of any consequence.”

“I don’t even have substantial savings.”

… so on and so forth!

Dear Friends, please remember that CyberChor are hounding us with a very clear motive: to acquire RIMS, that is, your Reputation, Identity, Money or a Secret (Figure 10).


Figure 10 RIMS: Protect What Matters in Cybersecurity

Identity: The Heart of RIMS

In the physical world, your Physical Identity is your face, your voice and your signature, coupled with government-issued identity documents such as passports, driver's licenses, or national ID cards that serve as official verification of your identity.

Now, in this interconnected world, you also have your Digital Identity. It includes your log-in credentials and your passwords to your online email accounts, social media accounts and online banking accounts. Therefore, if a CyberChor has access to your log-in IDs and your social media handles, he just needs your profile pictures and your passwords to become you. Thereafter, he ‘becomes’ you and can safely carry out any cybercrime under your guise. Impersonating someone’s identity is perhaps easier than one might think. While physical identity is harder to duplicate, digital identity can be easily compromised through identity theft by a CyberChor. And once Identity is stolen, Reputation, Money and Secrets follow meekly like puppets.

Let us try to deep dive into the psyche of a CyberChor and understand their purpose of
defrauding you. Akin to any legal matter where the judge always attempts to
understand the “motive” and “tools” of a criminal, we would also attempt to
understand the motivation and tools of a CyberChor.

2.1. Who Gets Targeted, Who Attacks, Why and How?

Questions such as those in the title must have bothered you, but the answers might have eluded you. These well-meaning doubts can be best resolved if you get to know the overall ecosystem of cybercrime. Understanding this ecosystem will reveal a lot about the common modus operandi of various kinds of CyberChor.

This ecosystem is conceptually mapped in what is popularly called a ‘Cyber Threat Landscape’ (Figure 11). It will help you to know what the various types of CyberChor are (also referred to as ‘Threat Actors’), and whom they identify as their victims (‘Targets’). This landscape also explains why they commit these crimes (‘Motives’), and finally what some of the tools at their disposal to commit cybercrime are (‘Vectors/Techniques’).

Figure 11 Cyber Threat Landscape details

• Who Gets Targeted (Targets/Victims): Cybercrime can affect individuals, disrupt organizations, or even harm entire countries by interrupting important services. Indeed, CyberChor can target anyone—from individuals like you and me to businesses/organizations, and even nations. In short, anyone operating in cyberspace can become a victim.

If an organization has to ‘safeguard’ itself from cybercrimes, it employs what we refer to as “Cyber Security” principles, and if individuals want to ‘insulate’ themselves from cyber-frauds, they employ “Cyber Hygiene” principles. This book is more about the latter and not the former.

• Who Attacks (Threat Actors): Cybercriminals, or CyberChors, go by many names—hackers, fraudsters, rogue actors, and more. They come from different backgrounds and skill levels. Some may have little to no formal education, while others could be highly trained professionals. Even people you wouldn’t expect—like students or employees—can turn into cybercriminals if they misuse their access to an organization’s systems for money, revenge, or power.

These criminals don’t always work alone. Some act as individual hackers, while others operate in small gangs or large, well-organized groups. The more structured groups function like a business, with different roles such as:

Figure 12 4 Simple Ways To Learn English Effectively


Real-Life Example: The Twitter Bitcoin Scam (2020)

One shocking example of an "insider threat" was the Twitter Bitcoin Scam in 2020. A
group of young hackers tricked Twitter employees into giving them access to the
company's internal tools. Using this, they hacked the accounts of famous
personalities like Elon Musk, Barack Obama, and Bill Gates. They then posted fake
tweets asking people to send Bitcoin, promising to double their money. Many people
fell for the scam, sending thousands of dollars before Twitter caught on and stopped it.

This case shows how even trusted insiders can be manipulated or turn into
cybercriminals themselves, using their privileged access to exploit others.

Cybercrime is constantly evolving, and anyone—from a teenager with a laptop to a highly organized gang—can be involved in it. The best way to stay safe is to be aware of how these criminals operate.

Why They Attack (Motives):

Cybercriminals, or CyberChors, have different reasons for hacking. Some do it just for
fun, while others want to get revenge or prove their hacking skills. But the most
dangerous reason is when they attack to fulfil a mission—whether for political,
financial, or ideological reasons.

Many cybercriminals steal what we call RIMS:

• Reputation – Damaging a person’s or company’s image
• Identity – Stealing personal details to commit fraud
• Money – Hacking bank accounts or scamming people
• Secrets – Leaking confidential information for blackmail or espionage

Real-Life Example: The WannaCry Ransomware Attack (2017)

One of the most terrifying mission-driven cyberattacks was the WannaCry ransomware attack in 2017. A group of hackers launched a worldwide cyberattack, infecting over 200,000 computers across 150 countries. The ransomware locked users out of their systems and demanded payment in Bitcoin to restore access.

Hospitals, banks, and government offices were among the victims. The attack paralyzed the UK's National Health Service (NHS), preventing doctors from accessing patient records and delaying medical treatments.

Many experts believe that the attack was not just about making money but also a
politically motivated cyberwarfare mission. This shows how cybercriminals can go
beyond personal greed and attack entire countries or organizations for larger goals.

These are not CyberChor hounding ordinary mortals like you or me; they are CyberChor
operating at a larger scale, such as at the national level, who are hired, trained, or
sponsored by business houses or nation states. Their motive could be to steal
confidential information or a trade secret, or to disrupt the smooth
functioning of the nation.

Just for ease of differentiation, CyberChor who scam individuals are referred to
as ‘CyberChor’ in this book, and the rest could be christened ‘CyberDacoits’ (we shall
talk more about CyberDacoits in our next series).

Irrespective of the nature and scale of the cybercrime, CyberChor employ
various tools and techniques to launch their attack.

Let us try to understand that. As already suggested earlier, in this book, we shall
restrict ourselves to the enemy of an individual like you or me, whom we are referring
to as a ‘CyberChor’.

“How a CyberChor Attacks” is probably going to be the most important part of your
learning with me, which you might not have discovered on your own till now. If one is
aware of basic attack strategies, one becomes better equipped to avoid or avert an
attack.

This knowledge shall, therefore, put you in a better position to protect yourself
digitally.

2.2. How a CyberChor Attacks - Attack Vectors and Hacking Techniques

After all, the toolkit of a CyberChor is usually composed of ‘attack vectors’ and ‘hacking
techniques’.
A. Attack Vectors: Attack vectors can be understood to be the ‘entry point’ or ‘the
loophole’ to launch the attack. Like any other robber, a CyberChor too needs an ‘ajar
window’ or a ‘cracked door’ to launch an attack on your device. There can be several
‘entry points’ to your device or data. For instance, it can be an infected link
contained in an SMS or a social media message, or it can be a malicious attachment
to an email. It could also be a fake website that you casually or carelessly ‘strolled’
into. Even USB drives carrying some infection can serve as attack vectors, as can
network vulnerabilities in your system. All these can serve as Attack
Vectors or the ‘entry points’ to launch the attack. Some of the most popular attack
vectors are shared here:
a) Social Engineering: Social engineering is the “Art of Tricking” or manipulating
your mind so as to cajole or threaten you into sharing information that you would not
have shared in normal circumstances. To ‘win your confidence’, a CyberChor may
assume the identity of a friend, say, a job recruiter, colleague, or even a bank
representative, and call you, send you a text message through social
media handles, or even email you.
The important underlying trick is the ‘psychological manipulation’ of your mind
by employing what we often call in Hindi साम, दाम, दंड, भेद (Figure 13)! The
phrase, loosely translated into English, means the following:
 Saam: to give you ‘friendly’ advice
 Daam: to lure you with an offer
 Dand: to instil fear in you through some punishment
 Bhed: to exploit any of your secrets


Figure 13 Cyber Manipulation Tactics: Beware of Saam, Daam, Dand, Bhed

In the context of cybercrimes, it reveals that the CyberChor tries all the tricks in his bag to
get your digital identity. He would try to persuade you (social engineering), purchase
you (offer you the carrot of free offers), punish you (frighten you by cyber-bullying you, or
by resorting to digital arrest), and exploit your weakness, especially if you are unaware,
gullible or careless (UGC).

For example: You get a threatening call, SMS, email or message from someone
pretending to be from the “Enforcement Directorate” or any other government authority
such as the “CBI”. They insist that they possess details of some illicit activity done by
you or your family, which they might be ‘compelled to release in the public domain’ if you
do not do what they insist on (either click on a link, or transfer some amount), and
so on.

b) Phishing (pronounced “Fishing”): Phishing is one of the most common online
methods used by CyberChor to trick or ‘compel’ you to ‘click’ on some link
in order to steal your sensitive personal information such as user IDs and
passwords, credit card credentials, or any other details. Just as in Social
Engineering, to ‘provoke’ you to click, the CyberChor might send this message
camouflaged as your well-wisher or a trusted entity. These messages could also
create panic or excitement, to make you act fast to click a link or enter your
confidential details without thinking twice.

For example: you receive an email supposedly from your company's IT
department, claiming there is an urgent problem with your work account. They
then request you to update the password and provide a link through which it can
be done. Thinking that you are soon going to lose access to your account, you click
the link fast and enter your current password. Guess what? The email was a
phishing email, and now the CyberChor has your sensitive data and the nightmare for
you has just begun!
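
The link in such a message usually gives the fake away: its host is not the organisation's own domain, only something that looks like it. The check below is an added example, not part of the book; the trusted-domain list, the sample message and all function names are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: domains the reader really deals with (constructed allowlist).
TRUSTED_DOMAINS = ("example-corp.in", "facebook.com")

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed message modelled on the "urgent mail from IT" example above.
SAMPLE_MESSAGE = (
    "URGENT from IT Helpdesk: your work account will be locked today. "
    "Update your password at http://example-corp.in.reset-portal.example/login "
    "or confirm via https://faceb00k.com/security. "
    "Policy: https://www.facebook.com/help."
)


def edit_distance(a, b):
    """Levenshtein distance; small values reveal one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_trusted(host):
    """True only for a trusted domain itself or a genuine subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def check_link(url):
    """Return the red flags found in one link (empty list: none found)."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return ["unparseable-url"]
    host = (parts.hostname or "").lower().rstrip(".")
    flags = []
    if parts.scheme.lower() != "https":
        flags.append("not-https")
    if parts.username is not None:
        # In "http://bank.com@198.51.100.1/", the real host is what follows the "@".
        flags.append("userinfo-before-@")
    try:
        ipaddress.ip_address(host)
        flags.append("raw-ip-host")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode-host")
    if is_trusted(host):
        return flags
    flags.append("untrusted-host")
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        # Compare the same number of trailing labels as the trusted domain has.
        tail = ".".join(host.split(".")[-len(trusted.split(".")):])
        if brand in host:
            flags.append("brand-in-untrusted-host:" + trusted)
        elif 0 < edit_distance(tail, trusted) <= 2:
            flags.append("lookalike-of:" + trusted)
    return flags


def extract_links(text):
    """Pull http(s) links out of a message, dropping trailing punctuation."""
    return [m.rstrip(".,;:!?)") for m in URL_RE.findall(text)]


def triage_message(text):
    """Map every link in the message to its list of red flags."""
    return {url: check_link(url) for url in extract_links(text)}


if __name__ == "__main__":
    for link, found in triage_message(SAMPLE_MESSAGE).items():
        print(link, "->", found or "no red flags")
```

A link with no flags is not proof of safety; the check only catches the mismatch between the name a message claims and the host the link really points to.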

B. Hacking Techniques: After the ‘ajar window’ has been creaked open by Attack
Vectors, the CyberChor stealthily creeps in and cunningly gains access to your device.
After gaining access, the CyberChor mercilessly launches action(s) (like throwing
a bomb, tying your hands, or making you unconscious) to rob you of your
information, money, or credentials. Such action(s) are called Hacking Techniques.
Loading mischievous and malicious software, called Malware, is the most popular
hacking technique to steal information from the device of the victim.

Malware: Malware (Figure 14) is malicious software that lets a CyberChor take
control of your device or steal your data. Malware can ‘enter’ your system in several
ways, such as when you inadvertently open an attachment of a fake email that contains
malware, when you attempt to download files from unsafe sites, when you click
on unsafe links, or when you use apps downloaded from untrusted sources.

Figure 14 Types of Malware


For Example: Let us presume an email arrives in your Inbox that has seemingly come
from your friend and carries an attachment called “Important Document”. You gullibly
or carelessly open the file, without verifying with your friend. Surprisingly, you don’t
find anything relevant in it. However, in the background, this “click” starts installing
malware on your computer that begins copying all your contacts or starts sending
“urgent” emails to your contacts, giving the CyberChor full control of your Inbox or even
the device.

Figure 15 How CyberChor Attacks

Dear Readers, one thing we have to keep in mind is that to commit a crime, a CyberChor
needs both – the ‘ajar windows’ as well as the ‘hacking techniques’ (Figure 15).
However, the deployment of the two would vary from context to context. There could
be several times when an attack vector also becomes a hacking technique, such as
Phishing and Social Engineering. For example, you yourself may become a Threat
Vector as well as a ‘hacking technique’ for your device.

Surprised?

Let me tell you how …

Don’t you, at times, end up revealing your confidential information to a stranger when
gently coaxed?

Let me gently reveal to you yet another dark secret of a CyberChor. It is the secret of a
“multi-factor attack”. A suave CyberChor shall never employ just one technique at a
time. Instead, he usually launches a multi-factor attack where more than one type of
threat vector and hacking technique are used together.

For example:

CyberChor, posing as trusted service providers or reputable contacts, often employ
tactics to trick individuals into unknowingly installing malware or sharing sensitive
information. In the case of the Oswal Group, attackers used a targeted phishing email
disguised as a legitimate communication from a vendor. This email contained a link
that, when clicked, secretly downloaded ransomware onto the system.

Once inside Oswal’s network, the CyberChor encrypted critical data and demanded a
ransom, disrupting operations and locking employees out of essential files. To add to
the deception, they used social engineering tactics to keep employees engaged,
diverting their attention from the malware being deployed in the background.

Similarly, CyberChor often trick individuals into downloading screen-sharing software
or remote access tools. Posing as utility providers, they may send SMS messages or
emails asking users to “verify accounts” or “avoid service interruptions” by clicking on
a link. This one click can secretly install a screen-sharing app on your device. Once
installed, the attackers may engage you in a prolonged conversation to prevent you
from disconnecting, while simultaneously observing your PINs, OTPs, or any sensitive
details displayed on your screen.

In both cases, whether on a large organizational level like Oswal or personal devices,
attackers use social engineering to gain access to confidential information, bypassing
security measures and causing potential financial or operational loss.

2.3. CyberChor Playbook: Top 10 Deceptive Tactics

In the modern digital world, scamsters have developed numerous tricks to target
unsuspecting individuals, often exploiting vulnerabilities and using clever tactics to
steal personal information or money. Middle-aged and elderly people are especially
vulnerable, but even younger people can fall into these traps. Here are ten common
tricks (Figure 16) that scamsters use to deceive people and how they work:

i. TRAI Action Against Your Phone

CyberChor might claim that the telecom authority (TRAI) is taking action against
your phone number due to “suspicious activity.” They’ll often ask for personal
information to “resolve” the issue, hoping to gain access to your data.

ii. Parcel Stuck at Customs

Fraudsters may inform you that a package is held at customs and requires a
payment or personal details to be released. This is a common tactic to trick
individuals into sharing sensitive information.

iii. Put Under Digital Arrest

Some CyberChor use fear tactics by telling you that you’re “digitally arrested” for
illegal online activity. They’ll pressure you to pay a “fine” immediately, exploiting
your anxiety to collect money quickly.

iv. Credit Card Issue in Your Name

Fraudsters might contact you, saying there’s an issue with your credit card or that
unauthorized charges were detected. They’ll ask for your card details to “fix” the
problem, but instead, they’re trying to steal your information.

v. Family Member Arrested

In this scam, a fraudster pretends to be a police officer or authority figure,
informing you that a loved one has been arrested and urgently needs financial
help. This emotional manipulation pushes you to transfer money quickly.

vi. Generous Tax Refund

Scamsters often promise a generous tax refund, asking for your bank details or
an upfront fee to process the refund. However, the refund doesn’t exist, and the
information you provide could lead to identity theft or financial loss.

vii. Money Transferred by Mistake

Fraudsters claim they have accidentally transferred money to your account and
politely ask you to “return” it. They hope you’ll send money without realizing that
no such transfer actually took place.

viii. Get Rich by Trading Stocks

CyberChor lure you with promises of high returns from trading stocks. They
claim to have a special method and might ask for an initial investment. Once you
send the money, the “investment opportunity” disappears.

ix. Earn Big from Easy Tasks

Fraudsters often advertise high pay for simple online tasks. However, they
usually ask for personal information or an upfront fee before allowing you to
start. This is a tactic to collect your data or take your money without offering any
real opportunity.

x. KYC Has Expired

Many scams revolve around KYC (Know Your Customer) verification. CyberChor
might inform you that your KYC has expired and request your personal data to
“update” it. This can lead to identity theft or unauthorized access to your
accounts.

Figure 16 Top 10 Most Common Tricks used by CyberChor

2.4. The Illusion of Free Offers: Understanding Hidden Costs

In the digital age, offers of free gifts and cards are prevalent, especially on social media
platforms. While these promotions appear enticing, they often come with hidden
conditions that can lead to consumer dissatisfaction.

Common Tactics:

 Mandatory Purchases: Some offers require consumers to buy certain products
to receive the "free" gift, with the cost of these products sometimes equaling or
exceeding the value of the gift.

 Lengthy Processes: Participants may need to complete multiple steps, such as
filling out extensive forms or subscribing to services, which can be time-consuming
and intrusive.

 Data Collection: These promotions often collect personal information, raising
privacy concerns and the potential for misuse of data.

Consumer Experiences

Many individuals have reported dissatisfaction with such offers, feeling misled by the
promise of free items that come with unexpected obligations. This has led to a
perception of these promotions as deceptive or even fraudulent.

Examples:

1. The Free Recharge Scam: A fraudulent scheme circulated, claiming that the
Telecom Regulatory Authority of India (TRAI) was offering free mobile
recharges for three months. This scam aimed to collect personal details under
the pretense of a government-backed offer.

2. Fake Online Stores: Scammers set up counterfeit websites (Figure 17)
resembling legitimate retailers, offering products at unrealistically low prices.
Once payment is made, the products are never delivered, and the scammer
disappears with the money.

Figure 17 Scam Trap

Protective Measures:

Figure 18 Protective Measures

While free offers can be genuine, it's essential to approach them with a critical eye.
Understanding the common tactics (Figure 18) used in these promotions can help
consumers make informed decisions and avoid potential pitfalls.

CHAPTER 3: How Cyber Scammers Trick You in Daily Life?

In this era of technology, everything is connected—our phones, computers, smart
devices, and even home appliances. This gives cybercriminals, or CyberChors (digital
thieves), plenty of opportunities to trick and scam people.

Let’s take a closer look at how these CyberChors operate and the sneaky tricks (Figure
19) they use to steal your data or money. You’ve probably heard about malware—a
type of harmful software hackers use to take control of your device. But how do they
actually get malware onto your phone or computer without you knowing?

Over time, cybercriminals have developed new and smarter ways to hack into systems.
Their methods depend on different factors like their goals, the situation, and the victim
they are targeting. To help you stay safe, here are some common tricks and tactics that
these CyberChor use to scam people every day.

Figure 19 Common Tricks used by CyberChor

3.1. Common Tricks Used by CyberChor

1. Bait and Switch: CyberChor use popular ‘ads’ and ‘updates’ to trick you into
downloading a program that looks real but secretly installs malware on your
devices. For example, there could be an ‘ad’ for fake antivirus software that
claims your computer is infected. When you click on it to ‘download’, you end
up downloading malware and not antivirus software. Similarly, as we read
in the last chapter, a CyberChor can pretend to be any ‘trusted’ service
provider, such as an employee of a gas agency who would help you avoid gas
disconnection, or an employee of your credit-card agency who could help you
get high discounts on your bill amounts or redeem your credit-card
points. First, they would enter into a deep conversation with you and eventually
‘motivate’ you to install an .apk file (.apk is the file extension for Android
package files) on your phone. Once you do so and click on this .apk file, it
starts running in the background of your device and gives the CyberChor
unrestricted access to your SMSs, contact list and so on.
2. Click-jacking: You think you’re clicking on something safe, but the CyberChor
secretly redirects your click to a dangerous action, such as taking you to a
malicious website. For example, you presume you are on the website of your
dream university, and you start inputting your details to submit
the form. It is instead a fake university website. This fake site might prompt
you to fill in your banking details while filling in the form. You fill in the entire
university form and finally click on what you think is the ‘Submit Form’ button.
This could actually be the payment confirmation button, disguised as the
‘Submit Form’ button on this fake site. As a result, the money is ‘stealthily’ wired
to the CyberChor without your knowledge. Click-jacking has therefore not just
stolen the personal details that you filled in the form and silently
initiated a financial transaction, but also ‘harvested’ your banking details for
the future, especially if the banking page was open on your device at this time.
3. Bots and Botnets: The word ‘bot’ is derived from the word ‘robot’, something that
performs tasks with minimum human intervention. Similarly, a bot is automated software
that performs a specified task, such as stealing passwords or sending spam messages
through the Internet. A botnet is a network of compromised computers, each of
which has a malicious bot installed on it. The use of bots and botnets enables
CyberChor to launch more powerful, automated cyber-attacks on several
people or devices at the same time.
4. Key-logger: CyberChor can ‘deploy’ small scripts on unattended devices that
can secretly record everything that you type, such as passwords or banking
details. Key-loggers could be loaded on unattended devices such as desktops
in a cyber-café, on your digital devices that you might have given for repairs
to an unauthorised service provider, or even on your
unattended office machines. Unlike malware, key-loggers do not harm your
device; these are used to steal the data.
5. Evil Twin Attack (ETA): CyberChor set up fake Wi-Fi networks at places you often
visit, like a coffee shop, an airport or a hotel. To lure victims, such evil twins
usually have stronger signals and a no-password policy that permits easier log-in
than the authentic Wi-Fi. If the user logs into something sensitive (like a bank
account) through these evil twins, then the CyberChor can see all the login
details and save them for later use. So, it can be deemed a snooping activity
or an eavesdropping activity to ‘sniff’ your data.
6. Cookie Theft: CyberChor steal your browser cookies, which hold information
about your accounts, letting them log in as you. For example, when you are
shopping on any e-commerce website, it can be annoying if you have to type in
your password and login information again and again. Session cookies save this
information for you to keep you logged in, without unnecessary disruption of
retyping.
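
The evil-twin pattern from item 5 above (same network name, no password, stronger signal) can be checked against a Wi-Fi scan. The sketch below is an added example, not part of the book; the scan entries, the saved profile, the field names and the verdict labels are all constructed for illustration.

```python
from collections import defaultdict

# Relative strength of the protection an access point advertises.
STRENGTH = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA3": 4}

# Constructed scan results (network names, BSSIDs and signal levels are made up).
SCAN = [
    {"ssid": "CoffeeHouse_WiFi", "bssid": "02:00:00:aa:bb:01",
     "security": "WPA2", "signal_dbm": -67},
    {"ssid": "CoffeeHouse_WiFi", "bssid": "02:00:00:cc:dd:09",
     "security": "OPEN", "signal_dbm": -41},
    {"ssid": "Airport_Free", "bssid": "02:00:00:11:22:33",
     "security": "OPEN", "signal_dbm": -70},
    {"ssid": "HomeNet", "bssid": "02:00:00:44:55:66",
     "security": "WPA3", "signal_dbm": -50},
]

# Assumed saved profile: networks this device has joined before.
KNOWN = {
    "CoffeeHouse_WiFi": {"security": "WPA2", "bssids": {"02:00:00:aa:bb:01"}},
    "HomeNet": {"security": "WPA3", "bssids": {"02:00:00:44:55:66"}},
}


def assess_scan(scan, known):
    """Return {bssid: (verdict, reasons)} for every access point in the scan."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    report = {}
    for ssid, aps in by_ssid.items():
        best_level = max(STRENGTH[ap["security"]] for ap in aps)
        loudest = max(aps, key=lambda ap: ap["signal_dbm"])  # -41 dBm beats -67 dBm
        profile = known.get(ssid)
        for ap in aps:
            level = STRENGTH[ap["security"]]
            reasons = []
            # Same name, but weaker protection than a sibling access point.
            if level < best_level:
                reasons.append("weaker-than-same-name-ap")
            # Same name, but weaker protection than when we joined it before.
            if profile and level < STRENGTH[profile["security"]]:
                reasons.append("weaker-than-saved-profile")
            downgraded = bool(reasons)
            # A new BSSID alone is normal in large venues; it only adds weight
            # once a security downgrade has already been seen.
            if downgraded and profile and ap["bssid"] not in profile["bssids"]:
                reasons.append("unknown-bssid")
            if downgraded and len(aps) > 1 and ap is loudest:
                reasons.append("strongest-signal")
            if downgraded:
                verdict = "suspected-evil-twin"
            elif level == 0:
                verdict = "open-untrusted"
                reasons.append("no-encryption")
            else:
                verdict = "ok"
            report[ap["bssid"]] = (verdict, reasons)
    return report


if __name__ == "__main__":
    for bssid, (verdict, reasons) in assess_scan(SCAN, KNOWN).items():
        print(bssid, verdict, ", ".join(reasons))
```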

After you have understood basic types of hacking techniques, you can better
understand the various traps that are laid out to scam you! As I had warned you in
the previous chapter, you should never forget that these tricks and techniques are
usually employed in combinations (multi-factor attack) to get your RIMS from your
digital device. And what is the most accessible and the most popular device that
you always carry on your person… your mobiles! Yes, now we shall move on to
cover some of the popular scams that assail your Smartphones in particular.

3.2. Scams in Disguise: Tricks That Blend into Your Day


1) Money Credited, Balance Deleted
You get a message: “₹5 has been credited to your bank account.”
Curious or surprised, you check your balance. Suddenly, you get a call or message
asking you to return the money. They send you a link or QR code to do it.
You click. Moments later, your entire account balance is gone.

What’s the Scam?

Cybercriminals are now sending small amounts (₹5 or ₹10) to build your trust. Then,
they:

 Send phishing links
 Ask for OTPs or UPI PINs
 Get you to scan fake QR codes

One click — and your account is wiped out.

How to Stay Safe:

 Ignore suspicious credits from unknown people
 Don’t click any links or scan QR codes to “return” money
 Never share OTPs, UPI PINs, or banking passwords
 Report to cybercrime.gov.in or call 1930

2) The Fake Wedding Invitation Trap

You receive a WhatsApp message from an unknown number with a digital wedding
invitation attached. It looks genuine, perhaps even mentioning familiar names. Out
of curiosity or courtesy, you open the attachment.

Unbeknownst to you, this "invitation" is a malicious file. Once opened, it installs
malware on your device, granting scammers access to your personal data,
including banking information, photos, and contacts. They can monitor your
activities, steal sensitive information, and even impersonate you to scam others.

How to Stay Safe:

 Verify the Sender: If you receive an unexpected wedding invitation, confirm
its authenticity by contacting the sender directly through a known channel.
 Avoid Downloading Unknown Files: Be cautious of files with extensions like
.apk or unfamiliar formats, especially from unknown sources.
 Keep Your Device Secure: Install reputable antivirus software and keep your
operating system updated to protect against malware.
 Report Suspicious Activity: If you suspect a scam, report it immediately to the
National Cyber Crime Reporting Portal at cybercrime.gov.in or call the helpline
at 1930.

 Remember

Not every invitation is a celebration. In the digital age, scammers exploit our trust and
emotions. Stay vigilant, think before you click, and when in doubt, it's better to miss a
fake invite than to compromise your digital safety.

3) Corona Vaccine Call Scam

You receive a phone call that sounds official — maybe even robotic. The message
says:

“Have you taken your COVID-19 vaccine? If yes, press 1. If no, press 2.”

It feels like a government health survey or hospital check-in. Wanting to cooperate, you
press a number. And that’s where the trouble begins.

This call is not from any government agency. It’s a scam. By pressing a button, you may
unknowingly:

 Connect your call to a fraudster
 Allow access to your phone line
 Be tricked into revealing bank details, OTPs, or UPI PINs

Within minutes or hours, your bank account could be drained.

How to Stay Safe

 Don’t press anything on such calls — just hang up.
 Never share OTPs, bank info, or PINs with anyone over the phone.
 If unsure, call your doctor or hospital directly.
 Report suspicious calls to cybercrime.gov.in or 1930.

 Remember

Scammers use real issues to create fake urgency. Just because it sounds official
doesn’t mean it is. Always pause, verify, and protect your information — your safety
is in your hands.

4) The WhatsApp Image Trap

You receive a WhatsApp message from an unknown number, possibly with a photo
and a message like:

“Do you know this person?”


Out of curiosity or concern, you open or download the image. But what you don’t
realize is — the image may contain hidden malware.
Once opened, it can secretly install malicious code on your phone, giving scammers
access to:

 Your banking details
 Passwords
 Contact list
 Personal photos and chats

The CyberChor can then use this data to steal money, impersonate you, or blackmail
you.

How to Stay Safe

 Don’t download files or media sent from unknown numbers.
 Disable auto-download of photos, videos, and documents in WhatsApp:
  Go to WhatsApp Settings → Storage and Data → Media Auto-Download
  Set everything to “No Media” under Mobile Data, Wi-Fi, and Roaming.
 Use antivirus or anti-malware apps on your phone.
 Don’t reply or forward such messages — report and block the sender.
 Report suspicious messages on cybercrime.gov.in or call the helpline 1930.

 Remember

Not all images are harmless — some are silent traps. WhatsApp is meant for connecting
with loved ones, not scammers. So always pause, verify, and protect before clicking or
downloading anything.

5) Fake Delivery OTP Scam

You hear the doorbell ring. A delivery person is standing there with a parcel
addressed to you.

Confused, you say, “But I didn’t order anything.”


The delivery guy politely replies, “No problem, Ma’am/Sir. Just share the OTP you
received to cancel it.” You check your phone, see a message with a 6-digit OTP — and
to get it over with, you share it. What you don’t realize is: that OTP wasn’t for the parcel
— it was for something else.

Within minutes, the scammer uses that OTP to:

 Log into your WhatsApp

 Access your bank or UPI apps

 Steal personal data or impersonate you

How to Stay Safe:

 Don’t share any OTP with a delivery person — ever.
 Refuse parcels you haven’t ordered, even if your phone number is on them.
 Check the order source — verify with apps you actually use (Amazon, Flipkart,
etc.).
 Enable 2-step verification on WhatsApp, Gmail, UPI apps, etc.
 Report the incident on cybercrime.gov.in or call 1930.

 Remember

Scammers are now reaching your doorstep — with fake deliveries and real tricks.
Just because your number is on a package doesn't mean you have to cooperate.
If you didn’t order it — don’t engage. Don’t give the OTP. Just shut the door.

3.3. Top Five Daily Scams You Might Fall For


Think you’d never fall for a scam? Think again.
Cybercriminals aren’t always using high-tech hacks — they’re using clever tricks
woven into your daily life. From fake job offers to delivery OTP traps, these scams are
designed to look normal… until it’s too late.

Let’s break down the 5 most common scams you’re likely to encounter — and how to
avoid them:
⚠️ These scams often slip into your phone through SMS, social media, or unknown apps.
Know them. Avoid them.

| 🕵️ Scam Type | 🎯 How It Tricks You | 📱 Where It Happens |
|---|---|---|
| 🧳 Fake Job Offers | Tempting salaries, work-from-home gigs. Then ask for a “registration fee.” | WhatsApp, Telegram groups |
| 📈 Investment Scams | Promise quick returns in crypto, forex, or stocks. “DM us to join VIP group.” | Instagram, YouTube ads |
| 📦 Delivery OTP Fraud | Fake courier calls: “Your package is stuck. Share OTP to confirm delivery.” | SMS, Phone Calls |
| 🖥️ Fake Tech Support | “Your phone is hacked. Download this app now.” Often leads to remote access. | Browser pop-ups |
| 💸 Loan App Traps | Lure with instant loans. Then threaten and harass your phone contacts. | Unknown apps |

Quick Tips to Stay Safe:


 Never pay money to get a job.
 Don’t believe anyone offering huge profits fast.
 No real courier or bank ever asks for your OTP.
 Only install apps from the official Play Store/App Store.
 If in doubt, pause and verify before clicking.

Chapter 4: Cyber Kavach: Build Protection for Social Media, Devices & More

4.1. Introduction: What is Social Media?

Social Media - a way or medium to connect people in the digital world.

Social media is an online place to interact and share information with people while
creating a digital connection. While it began with friendly platforms for socializing, like
Facebook and Myspace, social media is now a vast network of relations that is often complex
and diversified to meet very different needs. Mark Zuckerberg originally made Facebook
just to connect students from various schools; now, it is a global network with billions of
users.

From professional networking to instant news updates, casual chatting, and even dating
services, social media platforms are doing it all. It represents a shift in the way people
interact and engage with one another and with information online. Beyond its social
functions, it has now also become (Figure 20) an essential business tool,
education platform, or entertainment source of modern life.

Figure 20 Social media Examples

4.2. Different Types of Social Media (Figure 21)

A. Social Networks: Platforms such as Facebook, LinkedIn, and X are designed to
build relationships and networks through which people interact and share
updates.
B. Media Sharing Networks: Instagram, Snapchat and YouTube are designed to
share images and videos with a mass audience across the world.
C. Discussion Forums: These are websites where users can post questions,
share knowledge on many subjects and discuss various issues. Some of the more
popular forums include Reddit and Quora.
D. Content Curation Networks: Platforms like Pinterest and Flipboard help users
discover and organize content based on their interests.
E. Dating and Matrimonial Platforms: Tinder, Bumble, and Shaadi.com provide
spaces for dating, friendships, and marriage connections online.

Figure 21 Types of Social Media

The Joy of Sharing on Social Media


Through social media, we can connect with people from every nook and corner of the world
and share sweet moments, thoughts, and achievements with them. Whether it is a
birthday, graduation, or travel adventure, it is just great to share it with others. For
creative souls, it fulfils the urge to present their talents and passions
and to reach broader groups through Instagram, YouTube, or TikTok. It is also an
excellent learning and information tool, offering news, educational content,
and diverse opinions. On the other hand, along with its many good opportunities,
social media makes it necessary to watch out for privacy, avoid
oversharing, and stay away from risks such as cyberbullying and misinformation, among
others.

4.3. The Risk of Social Media

The World Knows Much More About You Than What You Know About Yourself

Social media feels like a safe place to share our life's activities and updates, but the
reality is far more unsettling. Every post, like and share, all seemingly innocent
actions, builds a digital profile of you that is far more detailed than you might ever
think. Social media platforms track and analyse every move and activity you make
online. These platforms collect data on your interests, habits, and emotions,
often knowing you better than you know yourself. This is the terrifying reality of
social media platforms.

You might think you're simply sharing a photo of your vacation or expressing an
opinion on a trending topic. However, behind the scenes, mathematical algorithms
work tirelessly to dissect your online behaviour. They know exactly what time of day
you are most active, how you react to certain content and even how
your mood changes. All of this put together creates an incredibly detailed map of your
personality, lifestyle, and preferences. The scariest part is that you don't have control over
how the information is used.

The Oversharing Paradox

When Social Media Knows You Better Than You Do

The "Oversharing Paradox" is the delicate and fateful balance between the urge to
share personal experiences on social media and the threat of exposure to harm. In
our quest to connect, gain validation, or simply express ourselves, we often reveal
more information than we realize. This data can include personal routines, locations,
habits, and even our emotions. While sharing on social media feels safe and satisfying,
it creates a digital footprint that can be exploited by anyone, whether marketers,
CyberChor or even strangers with malicious intent. The paradox is that the more
we share to feel connected, the more we expose ourselves to risks we might not
foresee.

A. Identity Theft
Identity theft on social media happens when CyberChor use stolen personal
information to impersonate someone online. They create fake profiles using details
like names, photographs, and other available information. Their goal can be to trick
the victim’s friends and family into sending money, spread false information, or carry
out other illegal activities while pretending to be the victim. Unlike phishing, which
aims to steal personal data directly, identity theft uses already available or previously
stolen information to manipulate others.

Let’s go back to the year 2021 to see how Facebook account users became hapless
victims of a phishing scam.

Facebook Phishing Scam (2021)

In the year 2021, some Facebook users got ‘high alerts’ saying that, due to a new
Facebook policy, they had to "CLICK" on the provided link to secure their accounts,
or else face "Deactivation" of their accounts. This policy alert looked quite official:
it was supposedly from the security team of Facebook, used official language and tone,
and even had an almost look-alike Facebook logo. The majority of the gullible and
careless users trusted that this was a real request and ‘Clicked’.

The unsuspecting users who clicked were taken directly to a scam website posing as the
authentic Facebook login page. The site then prompted the victims to enter their
Facebook username and password to confirm their ID and protect their account. Users
unwittingly entered their details, hoping to avoid the deactivation and thinking they
were interacting with and submitting information on the real Facebook….

"Look Who Died" Facebook Scam

The "Look Who Died" Facebook scam is a phishing attack designed to exploit users'
emotions and curiosity. It begins with a shocking or emotionally manipulative
message, such as "Look who died," which is often posted in comment sections or shared
as a direct message. When users click on the link provided, they are redirected to a fake
website that mimics Facebook's login page. Unsuspecting victims are then prompted
to enter their login credentials, which are subsequently stolen by the scammers. Once
the account is compromised, the attackers use it to propagate the scam further by
posting similar messages or sending them to the victim's contacts. Additionally, the
compromised account may be exploited for other malicious activities, such as stealing
personal data or sending spam. To avoid falling victim to such scams, users should
refrain from clicking on suspicious links, verify the authenticity of messages, and
enable two-factor authentication on their accounts.

Outcome: The scammers would collect all of the user's information without wasting
any time at this point and take things from there. The CyberChor, like last time,
would now be able to carry out several nefarious activities from behind the scenes,
such as:

• Changing the account passwords, locking the real owners out of their accounts.
• Accessing personal messages and information to perpetrate further frauds, like
sending phishing messages to the victims' contacts, such as the friends with whom
the user has interacted most and shared personal things.
• Using the compromised accounts to run scams, post malicious content, or even
request money from friends and family members.

This phishing scam left many users locked out of their accounts, leading
to unauthorized access and misuse of personal data. For some, this was followed by
further identity theft, where the obtained information would then be used by hackers
to try to gain access to other accounts linked to the same email or financial accounts.
It is chilling to realize that a phishing scam can indeed become this sophisticated
and that one must take care when acting on unsolicited messages, no matter how
legitimate they seem, even when they appear to come from known senders.
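
Both the 2021 policy-alert scam and the "Look Who Died" scam described above work only if the victim does not notice that the login page's address is not Facebook's. The following Python sketch is an added example, not part of the original book; the trusted-domain list, the shortener list and the sample links are constructed assumptions. It shows how the real host of a link can be checked before any password is typed.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumptions for this example: the domains treated as genuinely Facebook's,
# a few well-known link shorteners, and digits often swapped in for letters.
TRUSTED = {"facebook.com", "fb.com"}
BRAND = "facebook"
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
LOOKALIKE_DIGITS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_trusted_host(host):
    """True only for a trusted domain itself or a true subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED)


def check_link(url):
    """Classify a link from a message that claims to come from Facebook.

    Returns (verdict, reasons). Only "genuine" means the host is Facebook's.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "invalid", ["malformed URL"]
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "invalid", ["no hostname in link"]

    if is_trusted_host(host):
        if parts.scheme != "https":
            return "insecure", ["Facebook host, but not over HTTPS"]
        return "genuine", []
    if host in SHORTENERS:
        return "hidden", ["shortener hides the real destination"]

    reasons = []
    if parts.username is not None:
        # Everything before '@' is ignored when the browser picks the host.
        reasons.append(f"text before '@' is a decoy; real host is {host}")
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address instead of a domain name")
    except ValueError:
        pass
    if not host.isascii() or any(lab.startswith("xn--") for lab in host.split(".")):
        reasons.append("non-Latin or punycode characters in the host")
    # Undo digit-for-letter swaps and drop hyphens before looking for the brand.
    plain = host.translate(LOOKALIKE_DIGITS).replace("-", "")
    if BRAND in plain:
        reasons.append("brand name inside a host Facebook does not own")
    elif any(edit_distance(lab, BRAND) <= 2 for lab in plain.split(".")):
        reasons.append(f"near-miss spelling of '{BRAND}' in the host")
    return ("suspicious" if reasons else "not-facebook"), reasons


# Constructed sample links (reserved .example names and a documentation IP).
SAMPLES = [
    "https://www.facebook.com/login",
    "http://www.facebook.com/login",
    "https://facebook.com.account-secure.example/login",
    "https://facebook.com@203.0.113.7/login",
    "https://faceb00k-security.example/",
    "https://facebok.example/verify",
    "https://f\u0430cebook.example/",  # Cyrillic 'a' look-alike in place of Latin 'a'
    "https://bit.ly/constructed-example",
    "https://example.org/news",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict, reasons = check_link(link)
        print(f"{verdict:13} {link!r}  {'; '.join(reasons)}")
```

Only a "genuine" verdict means the address belongs to Facebook; with any other verdict, the password should not be typed on that page.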

Suspicious Job Opportunity Targeting Freelancers Worldwide


A UK-based third-party agency claims to specialize in improving rankings and likes for
Booking and Airbnb apps and is recruiting freelancers globally. The job requires only
a mobile phone, offering flexible hours and locations. The advertised daily pay ranges
between 100-300€, with formal employees allegedly earning up to 10,000€ monthly.
However, the listing includes concerning restrictions: students under 22 and
individuals from Africa and India are excluded, citing remittance issues.

The offer directs potential applicants to a WhatsApp link for more information, using
a URL shortener service that promises high pay-outs for clicks, raising concerns about
the legitimacy of the ad.
4.4. Red Flags to Note

Figure 22 Red Flags

Recommendation: Exercise caution with such offers, avoid clicking unknown links,
and verify job listings through trusted sources.

Real Horrified Incident: Thane Man's Identity Misused in a Major Scam

Situation: Fraudsters misused the identity of a Thane man to conduct illegal
transactions worth over ₹383 crores. They managed to create fake accounts using his
personal details, leveraging them for large-scale fraudulent activities without his
knowledge.

Action: The CyberChor used the victim’s identity for unauthorized transactions and
business deals. The victim only learned about this massive fraud after receiving legal
notices and complaints regarding these illicit activities.

Outcome: The victim faced severe legal problems, along with financial devastation,
destruction of reputation and inner despair. He had to go through the lengthy
procedure of proving himself not guilty, because he was the one who would bear all
responsibility and repercussions for the illegal transactions done under his name.
This had huge and long-lasting consequences for both his personal and professional
life. Worst of all, he had to wait for years until he was finally found innocent by
the courts. What's more, the victim had to work with authorities to gather evidence,
lodge complaints, and recover his identity. Financial inquiries into the affair
continue, with authorities trying to trace the culprits behind this massive fraud.

Real Life Horrifying Incidents


Incident 1: The Burglary After the Holiday Post
• Situation: In 2017, a family from the UK posted about their upcoming vacation on
social media, sharing their travel dates and plans. They were very excited and wanted
to keep their friends and family updated.
• Action: Their frequent posts during the trip clearly indicated that their house was
empty. The burglars had been watching their social media accounts and took this
opportunity to break into the house while the family was away.
• Outcome: The family returned from holiday to find their home turned upside down
with valuables stolen. This incident makes it clear that over-sharing on social media
can end up being a goldmine for Chor, turning the happiest of times into
security nightmares.
Incident 2: The Stalking Incident through Check-ins
• Situation: In the United States, a young woman named Christine frequently used
location-based check-in features on social media to share her whereabouts. She
enjoyed letting her friends know where she was hanging out and often tagged herself
at her favourite coffee shops, gyms, and other regular spots.
• Action: Over time, an individual began to monitor Christine's routine through her
public check-ins. They were able to predict where she would be at certain times of the
day.
• Outcome: Christine realized she was being followed after a series of unsettling
encounters. The individual was arrested, and it was discovered that they had been
using her social media posts to track her movements. This incident demonstrated the
risks of oversharing, especially when it involves location data, which makes it easier
for someone to breach one's personal safety.
Incident 3: The Identity Theft via Social Media Posts
• Situation: A young professional named Mike frequently posted pictures of his
achievements and life milestones on social media, including images of his new car,
college graduation, and even a copy of his new job offer letter, complete with company
details and his full name.
• Action: CyberChor used the information Mike shared to gather enough personal data
to impersonate him. They managed to open new credit accounts in his name and made
unauthorized transactions, resulting in financial chaos.
• Outcome: It was only after realizing his identity had been stolen that Mike understood
how deep the damage went. His credit score plummeted, and he had to undergo a
lengthy, agonizing process of recovering his identity and cleaning up his financial
records. This incident is a cautionary tale about the risks involved in sharing personal
and sensitive information, even when the intention behind sharing is simply to
celebrate.

4.5. Impersonation Scams on Social Media: The Rajasthan Gang Example

In a striking example of impersonation fraud, a gang in Rajasthan created fake
Facebook profiles of high-ranking officials, including the Police Commissioner of
Nagpur. These fake profiles mimicked the officials' real accounts with similar profile
pictures and titles to build credibility. The scammers used these accounts to contact
people, claiming emergencies or requesting money for charitable causes.

Tactics Used: The scammers set up profiles with similar profile pictures and titles,
making the accounts look like authentic representations of the officials.

Objective: Using these fake profiles, they contacted individuals, claiming emergencies
or charitable needs, to solicit money under false pretenses.

Impact: This scam damaged public trust and caused financial loss to those who
believed they were helping a genuine cause.

Key Takeaways for Users:

• Verify Requests: Always confirm the authenticity of any social media request for
money or personal information, especially from accounts posing as public figures.

• Check for Verification Badges: Look for the verified checkmark on official accounts
to ensure legitimacy.

• Report Suspicious Profiles: Report any account that appears fake or behaves
suspiciously to help prevent fraud.
Quiz 4.1: The Social Media Risks

Q1 Risk regarding oversharing personal information on any social media platform?

a) Losing followers

b) Gaining too much attention

c) Exposing yourself to potential harm, such as theft, stalking, or identity theft

d) Receiving negative comments

Answer: c) Exposing yourself to potential harm, such as theft, stalking, or identity theft

Q2 ‘Oversharing Paradox’ is

a) Sharing too much can make you more popular

b) The more you share to feel connected, the more you expose yourself to potential
risks

c) Posting regularly can increase your follower count

d) Sharing less makes you less vulnerable online

Answer: b) The more you share to feel connected, the more you expose yourself to
potential risks

4.6. Common Cyber Frauds Related to Social Media


Social media has made it wonderfully easy to connect, share, and interact with friends,
family, and new people all over the world, breaking down physical distances like never
before. But, unfortunately, it’s also opened up a whole new arena for CyberChor to
trick and scam unsuspecting users. These online frauds aren’t just annoyances; they
can lead to real financial loss, emotional stress, and serious damage to your reputation,
putting you in a very tough spot.

CyberChor might send messages that look like they’re from a friend or a trusted
company, coaxing you to click a link or share personal information. Sometimes, they
go even further, creating fake profiles to steal your identity or to trick your friends and
family into thinking they’re you—only to then ask for financial help. These scams can
happen to anyone, and the consequences can be dire, from losing hard-earned money
to having your personal information stolen, or even watching your online reputation
crumble.

That’s why understanding these common social media frauds (Figure 23) is absolutely
essential. When you know what to look out for, you’re better equipped to spot the signs
and protect yourself from becoming a victim. Below are some common social media-
related scams and frauds, illustrated with real-life incidents of cybercrimes that have
happened on popular platforms.

(Disclaimer: All the cybercrimes mentioned apply to all social media platforms,
but the examples given below are randomly chosen and explained.)

Figure 23 Frauds related to Social Media

1) Romance Scams

In this scam (Figure 24), the fraudster creates an imaginary online relationship
to exploit victims emotionally and extort money from them. They invent an identity
as a soldier, a doctor, or some vulnerable person who needs help, and use emotional
strategies to gain their victim's trust. After bonding strongly with their prey, they
begin asking for money by manufacturing fake emergencies to loot their victims.

Real Horrifying Incident: Engineer from Vizag Loses ₹28 Lakh in Romance Scam
• Situation: In a romance scam reported recently from Vizag, India, a software
engineer fell in love with a woman who introduced herself over the internet as a
doctor from the U.S. They bonded through frequent comments and messages on social
media and other platforms. She talked to him about her tough job and life in the
United States all the time.
• Action: The woman treated the engineer as a friend with whom she had been in
regular touch. She told him that she planned to visit India to meet him, and even
shared with him the details of the supposed flight and travel plans she would be
undertaking. However, she then claimed to have run into a severe issue with customs
and immigration at the airport. The lady informed him that she had large amounts of
money and some gifts for him, which had been detained by the authorities. She told
him to make urgent transfers to cover fines and other charges, so that she and her
belongings would be released.
• The engineer believed her story and wanted to help. So, he transferred ₹28 lakh in
several transactions into different bank accounts she gave him. After every transfer,
she complained of additional complications and requested more money to rectify them.
However, after he had sent the money, she disappeared. She stopped answering
his messages and calls, leaving him confused and worried at the same time.
• Outcome: Realising that he had fallen into the trap set by the CyberChor, the
engineer immediately reported the matter to the police. On investigation, the lady's
profile was established to be purely fictitious and part of a ploy by many fraudsters
operating to deceive innocent people through social media and dating sites. The
engineer lost his money but, even more seriously, felt emotionally cheated. The scam
had drained his bank account and filled him with suspicion about trusting anyone
online in the future.
Figure 24 Romance Scam

How Romance Scams Work

1. Building Trust: It all starts with a friendly message. The CyberChor, often posing as
someone attractive and successful, sends messages that are warm and engaging.
They put in time, messaging frequently, sharing life stories, and giving the victim
undivided attention to build a strong bond.

2. Emotional Manipulation: Once trust is established, the CyberChor introduces a
crisis: maybe a sudden medical emergency, a travel mishap, or an unexpected
financial problem. They appeal to the victim’s emotions, asking for help, often in the
form of money or personal information.

3. Escalation and Repeat Requests: After the initial ask, the requests often don’t
stop. The CyberChor might invent new emergencies, each more urgent than the last,
to justify further requests. Emotionally invested, the victim may comply, sometimes
losing thousands before realizing they’ve been deceived.
Other Example: Biswas’ Heart-breaking Experience

Take the case of Biswas, a woman from Kolkata who fell for a romance scam in 2023.
A man on social media, posing as a British doctor, promised her an extravagant gift of
$25,000 in cash, gold jewellery, and the latest iPhone. But to receive this "gift," Biswas
was convinced to pay over ₹1.3 crore (₹13 million) in "processing fees," taxes, and
bank charges over several months. She lost her entire savings, mortgaged her house,
and borrowed from friends, only to later realize the truth. The CyberChor was actually
a Nigerian national in India, living under a fake identity.

And this is just one of many cases. Police reports show that organized gangs use similar
tactics to target hundreds of Indian women, taking advantage of emotional
vulnerability, admiration for foreign lifestyles, and societal pressures, making these
scams particularly damaging.

Figure 25 Protecting Yourself

As these scams continue to rise, staying alert (Figure 25) and cautious about
unsolicited romantic advances online is more important than ever. Remember: true
love doesn’t come with a price tag or urgent financial requests!

2) Lottery and Giveaway Scams

Lottery (Figure 26) and sweepstakes scams are when fraudsters convince people they
have won a big prize. Mostly, they forward fake emails or messages stating that
someone has won the lottery or a sweepstakes. But there's a hitch here. The "winner"
is asked to provide personal information or pay a "fee" to receive the prize.

Figure 26 Real Horrifying Incident: Fake WhatsApp Lottery Scam in 2020

• Situation: In 2020, messages went around on people's WhatsApp accounts all over
India saying they had won a huge "lottery" from a well-known company. The
message appeared quite official and said that a cash prize to the tune of
millions would be given. It asked recipients to contact a number or click a link so
that the prize money could be received. Excited at the prospect of becoming rich,
people readily believed these messages.
• Action: The unsuspecting victims then followed the instructions in the message.
After dialling the number, they were told on the phone that for the prize to be
released, a small amount of money had to be paid as "taxes" or "processing charges."
They agreed and remitted the money to the bank account given in the message. After
the money was received, there were demands for more personal details, including
bank account information, on the claim that this was a must to transfer the prize
money. However, having handed over the money as well as their personal details, the
victims did not receive any prize but rather saw strange transactions drawn from
their bank accounts and realized that they had fallen victim to a scam.
• Outcome: The victims lost their money, and in other cases the fraudsters used their
personal information for various other fraudulent activities. They did not receive a
large amount of money at all; more often, they risked losing it. Many of them felt
ashamed and fearful at having become victims of CyberChor. This scam
teaches you that if it sounds too good to be true, such as winning a lottery you never
participated in, then it probably is a scam. Don't open messages requesting your
personal information or money for incredible rewards.
3) Fake News and Misinformation

Fake news and misinformation (Figure 27) involve spreading false or misleading
information to mislead or influence people. It may create confusion, panic, and even
financial losses. The messages are mostly transmitted through social media websites
like Facebook, Twitter, and WhatsApp.

Figure 27 Real Horrifying Incident: COVID-19 Misinformation During the Pandemic

• Situation: A month or two into the COVID-19 pandemic, false messages and posts
began spilling onto platforms like Facebook, Twitter, and WhatsApp. The messages
claimed to share "important" virus information: the virus's cure, the rules that the
government had framed, and made-up news about food shortages. Many of the
messages looked relatively real, using medical terms or pretending to be from official
sources to make people believe they were true.
• Action: Afraid of the virus, people forwarded these messages to their friends and
family without verifying that they were true. Some even thought false remedies would
save them from the virus and bought unnecessary or even dangerous items. Others
panicked over food shortages, hit the stores and bought more than they
needed. This not only created fear but also caused people to hoard essentials,
rendering them scarce for others.
• Outcome: Fake news created panic and confusion. People were scared and, out of
fear, spent money on fake remedies or stored supplies they didn't need. This led to
empty shelves for essential items in stores and made things generally very pricey. It
also made it hard for the public to identify and believe facts, which led to
further bewilderment. Authorities had to step in and dispel all such
myths by telling people to believe only what was present on the sites of health
officials and government links. This example reveals how harmful such false
information can prove to be: it created panic as well as real-life problems.
4) Social Engineering Attacks

Social engineering attacks (Figure 28) trick people into providing private
information such as passwords or security codes. Typically, the attacker claims to be
a representative of a company or a recruiter so that the victim trusts them.

Real Horrifying Incident: LinkedIn Fake Recruiters Scam

• Situation: Most people on LinkedIn have reported receiving unsolicited
messages from people claiming to be recruiters or representatives of the most
famous companies. They approached the users with attractive job offers,
saying that the person had been shortlisted for an interview by that company.
They used very formal presentations, including very convincing company logos.
• Action: Believing these messages, some users began to divulge more about
themselves, giving out personal data like their home address, number
and even bank information while applying for the "job." In some scenarios, the
CyberChor asked users to download specific files or follow links to fill out
forms, which turned out to be phishing links or to install malware.
• Outcome: Most of the victims' accounts were compromised and their personal
information was misused, while the victims lost the money in these accounts
because of the transactions performed using the information. Some of the
attackers used the data to commit unauthorized transactions and identity theft
by hacking into social media and email accounts, or even breaking into
victims' bank accounts. In some instances, the attackers scammed other people
in the network by using the LinkedIn profiles. This incident, in which private
information was handed to unknown sources and damaging files went unnoticed,
shows how easily a person can give away his or her private information to an
unknown source, thinking it is a trusted one.

Figure 28 Social Engineering

5) Fake Followers and Bots

Fake followers and bots (Figure 29) are bought to create an impression of social
media popularity that is not genuine. A person or company purchases fake followers
with the aim of increasing their visibility. This amounts to scams and
misrepresentation.

Real Horrifying Incident: Instagram and Twitter Purge

• Situation: In 2019, Instagram and Twitter noticed millions of accounts with an
abnormally high follower count. These counts were made up of fake followers and
bots intended to amplify the popularity of some profiles.
• Action: Instagram and Twitter decided to act by removing millions of these fake
accounts. This is referred to as a "purge," and through it, it was finally revealed
that the majority of their users, even some fairly popular influencers, had been
using such false followers to inflate their numbers on social media. When the purge
happened, accounts saw sudden drops in follower count, exposing the fake popularity
these accounts had built up.
• Outcome: Thousands of accounts lost thousands of followers overnight, and such
incidents also destroyed the reputation of many accounts. Some influencers were
publicly called out for fooling their audience, and a few even got banned from the
respective sites for violating the terms and conditions. It was an eye-opener for the
simple user who blindly trusted profiles based on follower count. It also made
people more aware of how CyberChor might use fake followers to lure them into
scams or misleading offers.

Figure 29 Bot

6) Privacy Concerns and the Rise of Digital Scams

With approximately 80% of India’s population using mobile devices, and 75% of them
actively engaged on apps for social, financial, and personal purposes, privacy risks
have escalated. These platforms often require phone numbers and other personal
details, making it easy for scammers and CyberChor to misuse this data.

For example, entering a phone number on apps like Truecaller, search engines, or UPI
platforms can reveal full names and personal information. As privacy becomes more
vulnerable, scammers are taking advantage of these details through various frauds,
including impersonation in job offers, fake investment schemes, digital arrest scams,
and sextortion.

Targeted and Bulk Cyber Frauds

Scammers don’t necessarily need to know each victim individually. They often send
out bulk messages claiming fraudulent activities like “task fraud” in HR roles, job offers,
or fake digital arrests, where recipients are told they’re involved in crimes. For more
targeted frauds, CyberChor leverage data from numerous breaches, which can be
purchased for $3K-$5K on the dark web and integrated via APIs to streamline their
attacks.

A Culture of Trust in Digital Spaces

Even in daily life, we are asked to share personal information, whether visiting an office
or attending a workshop. This digital sharing culture requires a strong sense of trust
among members. In cybersecurity, it’s essential to protect this trust and maintain
privacy.

Stay Updated with Cyber Dost

To keep yourself informed, we highly recommend following Cyber Dost for updates
on cybercrime prevention. The Cyber Dost social media handle, maintained by the
Ministry of Home Affairs, provides regular advice and news on cyber safety. Follow
them here:

• Cyber Dost Twitter: https://x.com/Cyberdost

• Facebook: https://www.facebook.com/CyberDostI4C

• Instagram: https://www.instagram.com/CyberDostI4C

• LinkedIn: https://in.linkedin.com/company/cyberdosti4c

• Telegram: https://t.me/cyberdosti4c

4.7. Reporting Cyber Crimes (for more details please refer to Chapter 6)
If you encounter a cybercrime, report it at cybercrime.gov.in or dial 1930 for
immediate help. Stay proactive in protecting your digital privacy by regularly
reviewing settings and following cybersecurity resources like Cyber Dost.

Quiz 4.2: Common Cyber Frauds Related to Social Media

Q1 Primary risk of engaging in romance scams on social media?

a) Losing followers on social media

b) Falling victim to emotional manipulation and financial fraud

c) Receiving unwanted likes and comments

d) Losing access to your social media account

Answer: b) Falling victim to emotional manipulation and financial fraud

Q2 How do lottery and giveaway scams typically deceive victims?

a) By offering genuine prizes for sharing posts

b) By claiming the victim has won a prize but requiring payment of a fee or sharing of
personal information to claim it

c) By providing instant prizes with no strings attached

d) By asking for likes and follows in return for a prize

Answer: b) By claiming the victim has won a prize but requiring payment of a fee or
sharing of personal information to claim it

4.8. The Solution - Securing Your Social Media


Imagine walking through a marketplace: people sharing thoughts, merchandise being
sold, and communities being formed. It all sounds so lively, but not all of these
individuals are friendly. A few are just standing around waiting for the perfect time
to snatch from or swindle someone.
That is what social media is: something full of opportunities, but also a place where
CyberChor lurk in the shadows. Stay safe in this marketplace by being careful.

You would not leave your wallet carelessly in a market, right?

So, you cannot leave your personal information lying carelessly on the Internet.
Just as you lock the doors of your house, secure your social media to keep unwanted
intruders out of your digital life.

a) Taking Control of Your Social Media: Imagine social media as your personal
space. Every time you share or post something, it leaves a digital footprint. Think
about what you have shared and with whom. You wouldn't go telling your private
information to a stranger, so be just as cautious about sharing it with people you
find online. You are in control of what you share and with whom.
b) Keeping the Intruders Away: Show the best version of yourself on social media,
but remember that not everyone there is your friend. CyberChor often disguise
themselves as familiar faces or trustworthy companies to fool you into letting them
in. Think of your social media like a gated community where not everyone can come
in. Be careful about who you are connecting with, what links you click, and who you
let into your network.
c) Using Technology to Protect Yourself: Some tools provide security for your social
media accounts. For example, two-factor authentication is like having a security
guard at your door. Any person seeking to get access to your account will need to
give an additional form of identification, thus fending off the intentions of potential
intruders. Applying those tools is not just an advantage; it's quite vital for keeping
you safe online.
d) Taking a Break and Reflecting: Sometimes, it just pays to stop a moment and think
of how one is using social media. Do you put out too much? Are you connecting with
people you trust? A break from social media can help you understand yourself and
the changes that are necessary for you. It's about taking some time out to clean up
your digital space, and then ensuring everything fits into proper order.
e) Learning from Others' Mistakes: There are always stories of people who fall prey
to problems that arise from their social media posts, and the lessons abound. From
someone being passed over for a job because of a post from a year ago to someone
who falls prey to a scam, such episodes remind us to be careful. By learning from
these experiences, we avoid making the same mistakes.
f) Your Digital Hygiene Kit: We should treat social media security like a
hygiene kit. We wouldn't go to a remote place or town without soap and a
toothbrush, so we shouldn't be joining social media or posting on it if we are not
secure. It means keeping an eye on your privacy settings, being careful with the
things you share, and knowing about scams. It's about taking small steps towards the
right digital safety.
How to Limit Instagram from Tracking Your Activity?
Instagram, like many social media platforms, tracks user activity to personalize ads
and content. While this can be convenient, it also raises privacy concerns. Here are
steps to limit Instagram’s tracking:
i. Limit Permissions for Instagram: In your phone settings, find the Instagram app
and adjust permissions (e.g., turn off location and access to photos and contacts).
ii. Disable Ad Personalization: Go to Settings > Ads on Instagram and choose to
Limit Ad Tracking. This reduces Instagram's ability to target ads based on your
behaviour.
iii. Clear Search History Regularly: Regularly clearing your Instagram search history
can reduce the amount of data Instagram stores about your interests.
iv. Use a Browser with Privacy Extensions: When browsing Instagram on a desktop,
use privacy-focused browser extensions to limit tracking cookies and data
collection.
v. Consider Using Instagram's Web Version Anonymously: Access Instagram
through a browser in incognito mode, which limits how much data is saved from
your sessions.
vi. Review Data Usage Permissions in Privacy Settings: In Settings > Security >
Data and History, you can manage how Instagram collects and stores data about
your activity.
vii. Check Recent Tracking Activity via Help Center: Go to Help Center > Your
Information and Permission > Your Activity of Meta Technologies > Recent
Activity. Here, you can view recent tracking activity and delete it. To prevent future
tracking, adjust your settings accordingly.
g) Empower Yourself with Knowledge: Securing your social media means
empowerment. Knowing the latest scams and how social media works empowers
you to gain control over your online life. You become an active guardian of your
digital life, using your knowledge to stay safe. Knowledge thus acts as a shield
against being tricked by CyberChor.
h) Parental Controls – A Shield for Young Users: For families, parental controls are
the best way to limit a child's or teen's use of a mobile phone or social media. Parental
controls allow parents to monitor what their children do online, track the amount
of time spent on screens, and filter out harmful content. They act as an extra layer of
protection for a child against online scammers, cyberbullying, and hurtful content.
Applying these controls can help parents ensure their children use social media in a
secure and responsible manner.

Being smart and aware secures your social media. It is not about living in fear but about
making sure your online world is a safe place where you can connect and share without
any worries.

Identifying Fake Facebook Pages

Since Facebook is now the website most impersonated by phishing CyberChor, it is
important to know how you can identify fake FB pages. Fox 13's recent report provided
some of the methods you can try:

• Always check if the posted photos on the Facebook page are fewer compared to the
legitimate social media platform.
• Check when the page was created. If the page was published no more than a year ago,
then that's definitely a fake one.
• The names of fake Facebook accounts can also be used to identify them. If the name
of a page or an account you are accessing combines popular names, such as "John
Brown," then there's a high chance that online attackers created it.

Important LinkedIn Privacy Setting Alert! 🚨

With the increasing concerns around data privacy on social media platforms, it is
essential to stay aware of new changes. Recently, LinkedIn made an update that affects
your personal data and content:
LinkedIn has automatically opted users into allowing their data to be used for
training its Generative AI models. This is done without explicit, informed consent
from users, a practice often referred to as a "Dark Pattern."

Figure 30 Fake Mails

To ensure your privacy, review your settings:

• Go to LinkedIn Privacy Settings > Data Privacy > Data for Generative AI
models and adjust according to your preference.

Questions to Consider:

1. Did LinkedIn notify us clearly about this change?


2. Are we comfortable with our personal data being used for AI development
without an explicit opt-in?

4.9. What to Do If You Are Cyberbullied/ Cyber Trolled


Social media is the place where you interact with your friends, share your lives, and
even let out what's bugging you. Sometimes, it can become that sad place with hurtful
behaviour, like cyberbullying or trolling. What is considered cyberbullying? How
should I react in case of cyberbullying?

1. Recognize the Signs: Cyberbullying and cyber-trolling can take several forms. They
may appear as vicious comments, false rumours about you, sexual rumours, the
spreading of your private information without permission, or forged profiles created
just to mock or harass you. Knowing what this behaviour looks like is the first step in
dealing with it.
2. Stay Calm and Don’t Engage: Your instinct will tell you to react or retaliate, yet
attention is exactly what bullies crave. Remain calm and hold back from responding
straight away. Trolls love to provoke a reaction out of you, so by not reacting, you take
away the very thing they are seeking.
3. Document and Record Everything: If people are sending you messages or
comments that harass you, take a screenshot of them. This record can serve as evidence
if you ever have to go to the platform, or possibly the authorities, about the situation.
Having evidence of what has occurred can be valuable in proving your case.
4. Use Social Media Safety Features: Most social media companies have developed
built-in controls to help safeguard users from harassment:
• Block or Mute: Blocking stops the bully or troll from seeing your posts or
contacting you. Muting lets you stop seeing that person's comments or posts
without them knowing.
• Report Abuse: You can report the behaviour to the service, such as Facebook,
Instagram, or Twitter. They can investigate it and determine whether they should
remove the post or ban the bully's account.
• Adjust Privacy Settings: Make your account private. Only approved people will see
your posts, so you can decide who interacts with you.
5. Seek Support: Cyberbullying can make you feel alone, but remember that you are not.
If you have friends or family you trust, share this with them; if not, seek out a counsellor.
They can support you, listen to you, and help you get through this phase of life.
6. Report to Authorities if Needed: If the cyberbullying is threatening or illegal, you
should report it to the police. Most countries have laws against Internet harassment.
Give them the evidence you have collected so they can take appropriate action if necessary.
7. Take a Break: If things get unbearable, you can step away from social media for a
while. This gives you space to think and to focus on the things that are good for you,
such as spending time with the family, hobbies, or even just relaxing.
8. Secure Your Account: If bullies have gained access to your account, then do this right
away:
• Change Your Password
• Enable Two-Factor Authentication (2FA)
• Check for Unauthorized Access: Look through your account settings to see if
anything has been changed without your knowledge, like new posts or messages
you didn’t write.

(Note that you have the right to be safe and to be treated with respect online. When you
face cyberbullying or trolling, stay in control and seek help to get out of that
situation.)

Incident Example: Fighting Back Against Cyberbullying

Veena, a well-known actress, experienced cyberbullying on social media.
Anonymous individuals created fake profiles and posted offensive comments,
spreading malicious rumours that affected her mental well-being.

• Action: Veena took the matter seriously and decided to confront her cyberbully. She
documented the abusive comments and reported the fake profiles to the social
media platform. Additionally, she spoke out about her experience publicly to raise
awareness about the harmful impacts of cyberbullying and sought the support of
her family and close friends during this challenging time.
• Outcome: The social media platform removed the fake profiles and offensive
content. Veena’s public stance on cyberbullying inspired others to stand up against
online abuse. By sharing her story, she empowered herself and others, raising
awareness and strengthening her resilience to handle online negativity.
• In a nutshell, if you experience cyberbullying or cyber-trolling on a social
networking site, report it immediately.
Always remember that you never have to face this struggle alone: you can use the
safety functions of the site or platform, seek assistance from people you trust, and
involve the authorities when needed. Make your mental health a priority and strive
for safe online interactions.

Quiz 4.4: What to Do If You Are Cyberbullied/Cyber Trolled

Q1 Initial response when dealing with cyberbullying or trolling on social media?

a) Immediately engage with the bully and respond aggressively

b) Stay calm and avoid responding to the bully

c) Delete your social media account right away

d) Share the situation publicly to get attention

Answer: b) Stay calm and avoid responding to the bully

Q2 What should you do to document cyberbullying for future reporting?

a) Ignore the messages and hope they stop

b) Take screenshots of the messages or comments as evidence

c) Report the person without saving any evidence

d) Block the person immediately without documenting anything

Answer: b) Take screenshots of the messages or comments as evidence

4.10. Key Learnings for Securing Your Social Media


Social media forms a very big part of our everyday lives today. We use it to share what
we think, keep up with friends, and see what's going on. Just as you wouldn't leave
your home unlocked, you must protect your online life. Here are simple things to keep
in mind so that you can enjoy social media without compromising your safety:

1. Be Aware of What You Share: Social media makes it easy to share moments. However,
not all moments need to be public. Think hard about what you post: photos, location and
personal details may reveal more than you realise. Once shared, a post is tough to take
back, so be sure you are comfortable with what the world will see.

2. Think Before You Click: The internet had many interesting links and offers, along
with friend requests. Not everything, however, was safe. I learned to think before
clicking on that link or accepting a friend request from someone I did not know. If it
looks suspicious or too good to be true, it probably is. Taking a moment to double-check
can save you from scams and viruses.

3. Keep an Eye on Privacy Settings: Social media sites often change their rules about
privacy. Just because your stuff is private today does not mean it will remain that way.
You should regularly check and update your privacy settings to limit who sees your
posts and personal information. That's like checking the locks on your doors—just
plain necessary to maintain the security of your space.

4. Protect Your Identity: Your online identity is a part of you. Just as you protect your
ID card or credit card, you need to protect your online identity. Ensure that your
passwords are strong and avoid publishing information such as your home address,
phone number, or financial information on social media. These steps help prevent
someone else from taking over your identity for malicious purposes.

5. Act Fast if Something Seems Wrong: If something shows up on your accounts
that you didn't do, like messages that you never sent or posts that you never
made, then act fast. Change your passwords, report the issue to the platform, and
start securing your account. It's like catching a tiny leak before it becomes a flood:
acting fast can prevent bigger problems.

6. Keep Learning and Stay Informed: The digital world is one where things are
constantly changing, just like the tricks being used by CyberChor. Keep informed about
the latest online safety tips and be on the lookout for common scams.

7. Encourage Safe Habits in Others: Online safety isn’t just about you. Remind your
friends and family to be careful, too. Share tips on how to set privacy controls, avoid
scams and report harmful activity. Look out for each other and make the online
community safer.

8. Share Mindfully: It's fun to share life events like vacations, new jobs, or daily
routines. But before you post, think about the details you're sharing. For example,
posting about a trip can let others know you’re not home. Always consider how the
information could be used and who might be seeing it.

9. Enjoy Social Media but Stay Secure: Social media is meant to be fun and
connecting. Still, we must balance openness with some caution. This does not mean you
cannot enjoy social media; it simply means protecting yourself while you
enjoy it.

With these three simple steps, you can enjoy the best of social media while keeping
yourself safe. You can now share, connect, and explore with confidence, knowing that
you are taking care of your digital life.

Quiz 4.5: Key Learnings for Securing Your Social Media

Q1 Importance of regularly checking the social media privacy settings?

a) To make your profile more public

b) To control who can see your posts and personal information as privacy rules can
change

c) To delete all your posts regularly

d) To increase your followers

Answer: b) To control who can see your posts and personal information, as privacy
rules can change

Q2 Steps if you notice unusual activity on your social media account, such as
posts or messages you didn’t make?

a) Ignore it and hope it stops

b) Change your password and report the issue to the platform

c) Deactivate your account permanently

d) Post about the issue to warn your friends

Answer: b) Change your password and report the issue to the platform

4.11. “Your 5-Minute Digital Lockdown” – A Quick Cyber Safety Routine

Most people think cybersecurity is complicated. This section gives you an easy,
daily/weekly checklist — like brushing your teeth, but for your phone!
5-Minute Digital Lockdown Routine
Task | When to Do It | Why It Matters
🔄 Update phone & apps | Weekly | Fixes security gaps hackers exploit
🔐 Check app permissions | Monthly | Stops apps from accessing your camera, mic, etc.
🧳 Clear cookies & history | Weekly | Reduces digital fingerprint
🗂️ Delete unused apps | Monthly | Frees space + closes hidden access points
📤 Backup important data | Weekly | Prepares you for worst-case scenarios

Cyber hygiene is just as important as personal hygiene.


4.12. “Cyber Kavach for Families” – A Smart Home Cyber Plan
Cyber Kavach for Families – Build a Cyber-Safe Home

• 👨👩👧👦 Create a family cyber code: Agree on rules like “no clicking unknown
links,” “always verify UPI before paying,” etc.
• Educate kids and elders: Use short videos, simple language, and relatable
examples to explain frauds.
• Enable parental controls: Use built-in features or trusted apps to monitor
content & downloads.
• 🔐 Use a password manager: Don’t store passwords in WhatsApp notes or
diaries.
• Hold a monthly cyber drill: Sit together and discuss one new scam & how to
avoid it.

4.13. Social Media Security Checklist: Do’s & Don’ts


Aspect | What to Do | What Not to Do
Profile Privacy | Set profiles to private or friends-only. | Avoid making all posts public.
Authorisation (Passwords) | Use strong, unique passwords for each account. | Don’t reuse passwords across multiple platforms.
Friend Requests | Verify the identity of friend requests. | Don’t accept requests from strangers.
Links and Attachments | Be cautious when clicking on links. | Don’t click on links from unknown sources.
Privacy Settings | Regularly update your privacy settings. | Don’t ignore platform privacy options.
Posts and Shares | Share personal information cautiously. | Don’t overshare private details online.
Account Monitoring | Regularly check for unauthorized activities. | Don’t ignore login alerts or unusual activity.
Reporting and Blocking | Report and block suspicious accounts. | Don’t engage with harassers or CyberChor.
Education and Awareness | Stay informed about social media threats. | Don’t underestimate the risks of online scams.

You can dramatically reduce your risk of online fraud, identity theft, and cyberbullying by
incorporating these key learnings into your daily social media habits. Doing so keeps
criminals from getting into your life and allows you to enjoy the benefits of social media
with a secure and positive online presence.

4.14. What's Coming Next - Safeguarding Your Digital Future


Social media is just the beginning! Next, we will explore the digital world further with you,
including how to protect your child on online platforms and tools using parental controls,
ensuring a safer social media experience. We will also guide you through data
privacy and your rights in a world where the only currency is personal information.
Plus, we’ll explore the latest digital threats, offer tips to avoid new scams, and examine how
emerging technologies will impact your online life. Get ready for more insights and practical
strategies to secure your digital future!

Chapter 5: Safe Online Financial Transactions


"How to Protect Your Money in the Digital World"

Today, most of us use our phones and computers to send money, pay bills, shop online,
and even invest. Digital payments like UPI, online banking, and credit/debit cards have
made life easy: no more queues at the bank or carrying cash everywhere.

But as online transactions (Figure 31) grow, so do the risks. Scammers, or CyberChor
(digital thieves), are always looking for ways to steal money. They trick people using
fake payment links, QR code scams, phishing emails, and even ATM frauds. These
frauds can happen to anyone, whether you're new to online banking or an experienced
user.

What This Chapter Covers:


i. How online transactions work and their risks.
ii. Common scams you need to watch out for.
iii. Real-life fraud stories and lessons learned.
iv. Simple steps to keep your money safe.
v. What to do if you get scammed.

By the end of this chapter, you’ll know how to use digital payments safely and outsmart
scammers.

Because in today’s world, staying alert is the best way to protect your money! 💰🔒

Figure 31 Safe Online Financial Transaction

The Convenience of Online Financial Transactions

Gone are the days when people had to stand in long queues at the bank just to deposit
a check or withdraw money. There was also a time when everyone carried cash for
even small purchases.
But today, things have changed! With just a few taps on your phone or computer, you
can send money, pay bills, shop online, and even apply for loans—without ever
stepping into a bank.

Online banking (Figure 32) has become a part of our daily lives, making financial
transactions quick, easy, and secure. Whether you are shopping, paying bills, or
transferring money to family or friends, everything can now be done in seconds!

Figure 32 Convenience of Online Banking

5.1. Types of Online Financial Transactions

There are many ways (Figure 33) to manage money online. Here are the most common
ones:
Figure 33 Types of Online Financial Transaction

I. Net Banking (Internet Banking) 💻

• Allows you to access your bank account online anytime.
• You can transfer money, pay bills, or apply for loans without visiting a bank branch.

II. UPI (Unified Payments Interface) 📲

• UPI lets you send and receive money instantly using your mobile phone.
• Apps like Google Pay, PhonePe, and Paytm make UPI payments even easier.

III. Credit & Debit Cards 💳

• Credit cards let you buy now and pay later, while debit cards deduct money directly
from your bank account.
• Cards like RuPay, Visa, and MasterCard make online and offline payments safe
and convenient.

IV. ATMs 🏧

• ATMs let you withdraw cash, check your balance, or deposit money without
visiting a bank.
• Available 24/7, making banking more convenient.

V. Payment Gateways (e.g., Razorpay, PayPal) 🌐

• These platforms help businesses and customers make secure payments online.
• They support credit cards, UPI, and other payment methods, making transactions safe
and smooth.

With all these options, handling money has never been easier. But while online
transactions save time and effort, they also come with risks. That’s why it’s important to
stay alert and use safe banking practices—which we’ll cover in the next sections.

5.2. Challenges of Online Banking

Online banking has made life easier and faster, but it also comes with certain risks and
difficulties (Figure 34). While sending money, paying bills, or shopping online is
convenient, there are some problems users should be aware of.
Figure 34 Problems with Online Banking

i. Online Scams & Fraud 🚨

✔ Scammers use fake messages, emails, and phone calls to trick people into sharing
their OTPs or bank details.
✔ If you're not careful, your money can be stolen in seconds.
Example: You get a message saying, “Your bank account will be blocked. Click this
link to update your details.” If you enter your details, scammers steal your money.
ii. Hacking & Data Theft 🔓
✔ Hackers try to break into bank systems and steal customer information.

✔ If your bank or payment app gets hacked, your personal and financial details can be
at risk.
Example: A major e-commerce website gets hacked, and thousands of customers’ credit
card details are leaked.

iii. App or Website Not Working ⚙️

✔ Sometimes, banking websites or UPI apps crash due to technical problems.


✔ You may not be able to send money, check your balance, or complete payments.

✔ Example: You try to send money using UPI, but the transaction fails, and your money
is stuck for hours or days.

iv. Slow or No Internet Connection 🌐

✔ Online banking needs a good internet connection.

✔ In places with poor network coverage, payments can fail.
Example: You try to book train tickets, but due to a slow connection, the payment doesn’t
go through, and you lose the seat.

v. Difficult for Elderly & Non-Tech Users 📱

✔ Many people, especially senior citizens or those unfamiliar with technology, find it
hard to use banking apps.
✔ They may accidentally press the wrong buttons or fall for scams.

✔ Example: An elderly person downloads a fake banking app, thinking it’s real, and
enters their bank details. Scammers then steal their money.

vi. Hidden Fees & Extra Charges 💰

✔ Some banks charge fees for money transfers, ATM withdrawals, or account services.

✔ Many people don’t check these charges and end up paying more.
✔ Example: You withdraw cash from an ATM of another bank and get charged ₹25
without realizing it.

Figure 35 Challenges of Online Banking

5.3. How Online Financial Transactions Hit Our Daily Lives


Online payments have made life easy and fast. We no longer need to carry cash, stand
in long bank queues, or visit bill payment centres. With just a few taps on our phone or
computer, we can pay bills, shop online, send money, book tickets, order food, and even
invest—all from the comfort of our home. It saves time, is super convenient, and
provides a digital record of transactions. However, while online banking is safe when
used correctly, there are risks like frauds and scams, so it’s important to stay alert and
follow safe banking practices to protect our money.

5.4. Challenges of Online Financial Transactions

Managing money online is now easier than ever—we can pay bills, shop, and send
money with just a few taps on our phones or computers. But while online banking is
fast and convenient, it also comes with risks.
CyberChor (online thieves) are always looking for ways to steal money and personal
details by tricking people or finding weaknesses in digital banking systems. Scams like
fake payment links, phishing emails, OTP fraud, and hacking can put your money at
risk.

To stay safe, we must understand these risks and learn how to protect ourselves. This
section will explain the common dangers of online transactions and simple ways to
keep your money secure.

Common Risks in Digital Financial Transactions

1. Skimming Attacks

Skimming (Figure 36) is a sneaky way to steal your card information from ATMs and
Point-of-Sale Terminals in Malls, etc. Cybercriminals install devices to capture card
details and sometimes use hidden cameras to record PINs.

Imagine you're going about your day, using an ATM in a busy area of your city to
withdraw some cash. Everything seems normal. However, what you don't realize is
that someone has copied your card details by secretly installing a skimming device on
that ATM. This is exactly what happened in Delhi back in 2019.

Real Horrifying Incident:

The Delhi ATM Skimming Scam: Chor targeted multiple ATMs across the city,
especially those in crowded areas. They attached skimming devices to these
machines—small gadgets designed to steal card information. When people used these
ATMs, the devices quietly captured their card details and PINs without raising any
suspicion.

The Impact: Over 70 people fell victim to this scam, collectively losing around ₹18 lakh
(approximately $25,000). The Chor used the stolen information to create cloned cards,
allowing them to withdraw money from different locations. To avoid detection, they
made small, scattered transactions that didn't immediately raise red flags.

Several days passed before the victims of this fraudulent scheme realized something
was amiss. Because the fraudulent transactions were small and spaced apart, no one
noticed them initially. By the time the victims finally figured out what was going on,
the Chor had long since run away with their money.

This incident reminds us how sly these types of scams can be. It is very important to
be cautious at ATMs, especially those in public or easily accessible places. Anything
unusual about the card slot should be a reason for alarm, and the keypad must always
be covered while entering the PIN. If something doesn't seem right, don't take the
risk; take your business elsewhere.

How it Works: The Chor attach a small device called a "skimmer" to ATMs or point-of-sale
(POS) terminals to capture the data on your credit or debit card. When you insert your
card into an ATM or swipe it through a tampered POS terminal, the skimmer captures
your card details. The Chor can then use this information to clone your card or make
unauthorized transactions with it, leaving your account almost empty.

Figure 36 Skimming Attacks

2. Fake Cashback Links: The fake cashback link scam (Figure 37) traps a person by
making them believe they have won a reward. Victims receive messages or emails
announcing a cashback reward, with links or QR codes to claim it, and are then asked
to enter their UPI PIN to receive it.
Real Horrifying Incident: In 2021, people across India were targeted by fake cashback
scams in which CyberChor sent messages stating that the recipient had won
cashback. These messages often looked convincing,
mimicking official banking notifications. When victims followed the provided links,
they were directed to phishing websites or fake apps that asked for their UPI PINs.
Once the CyberChor had these details, they quickly made unauthorized withdrawals,
leaving many people with drained bank accounts.

• Situation: Imagine Shruti, who receives an unexpected message on her phone. It tells
her she's won a cashback reward and includes an official-looking link to claim her
prize. Excited about the thought of free money, Shruti decides to check it out.
• Action: She clicks on the link, which takes her to a webpage that looks almost exactly
like her bank's official website. It requests her UPI PIN to verify her identity and claim
the cashback. Trusting the appearance of the page, Shruti enters her PIN without a
second thought, believing she's about to receive a nice bonus.
• Outcome: Unfortunately, the moment Shruti enters her UPI PIN, the CyberChor
capture her banking credentials. Instead of getting a reward, Shruti soon discovers that
money has been withdrawn from her account. Realizing she's been scammed, Shruti
quickly contacts her bank to report the fraud and secure what remains of her funds.
She's left feeling shaken and stressed, learning a hard lesson about how convincing
these scams can be.

Online financial transactions are quite dangerous. CyberChor keep changing their
methods of manipulation (phishing scams, fake apps, identity theft, and skimming
devices), taking advantage of the convenience of digital banking to fool users into
giving up information about themselves. Know the dangers listed below to avoid their
tricks.

Challenges:

• Trust and Authenticity: Such emails are so convincing that even vigilant customers
like Kavita can fall for them. Fraudsters use professional-looking logos and wording
that mirrors a real bank's language, which makes it very hard to tell real messages
from fake ones.
• Urgency and Fear: The email Kavita received warned of immediate security threats,
creating a sense of urgency. This pressure made her feel that she needed to act quickly
to protect her account, leading her to skip important verification steps.
• Lack of Awareness: Although Kavita was vigilant, she was not aware of this
sophisticated type of fraud. Generally, people are not aware that criminal gangs can
create twin applications identical to the ones provided by their banking institutions.
This makes them more vulnerable to online fraud.

Figure 37 Fake Cashback Links

Quiz 5.1: Challenges related to online Banking Frauds

Question 1: A major risk associated with online financial transactions?

A) Low transaction fees


B) The potential for unauthorized access to your bank account
C) Instant transaction processing
D) Account rewards

Answer: B) The potential for unauthorized access to your bank account

Question 2: What is a common sign of a fake banking app?

A) It is only available on the official app store


B) It asks for excessive permissions unrelated to banking
C) It has numerous positive reviews
D) It is from a well-known bank

Answer: B) It asks for excessive permissions unrelated to banking

5.5. Common Cyber Frauds Related to Online Financial Transactions

While online banking has made managing money easier and faster, CyberChor (digital
thieves) have also found new ways to scam people and steal money. They use tricks
like phishing emails, fake QR codes, and identity theft to fool unsuspecting users.

In this section, we will explore some of the most common online financial scams, how
they work, and real-life examples to help you understand these frauds and avoid falling
for them. Being aware of these scams is the first step to protecting yourself from
financial fraud.

a. Phishing Emails from 'Banks' (For more details, please refer to Chapter 3)

This is one of the tactics used by thieves to grab one's personal banking details.
Phishing emails from "banks" are carefully crafted messages presented
under the banner of a legitimate bank, complete with official logos and wording that
urges you to act immediately. The emails may state that there is an issue
with your account, that you are due for an update, or that your account has
unexpectedly been credited with some extra money. Such emails contain malicious links
or sometimes ask for your password or OTP, pushing you to reveal the access details of
your bank accounts.

Real-Life Incident:
The beginning of 2021 witnessed a coordinated phishing scam based on Trust and
Urgency targeting many people residing in Mumbai. Many received calls from
different people, each claiming to be a representative of the bank or of Amazon
customer service. The fraudsters informed the victims that they had overpaid on their
latest purchases from Amazon and that they were to be refunded. To effect this
"refund," the callers asked for bank account information or requested the victims to
download remote access applications such as "AnyDesk" or "TeamViewer."

• Situation: Ramesh receives a call from someone claiming to be a customer care
executive at his bank. The caller informs him that he was overcharged in a recent
transaction and that he is eligible for a refund.
• Action: The caller asks him to give his bank account details and an OTP
generated by his bank on his phone. Finding the caller very convincing, Ramesh
shares the required details with him.
• Outcome: Rather than obtaining a refund, Ramesh, to his shock, discovers that his
bank account has been drained within no time. The CyberChor used the OTP for
unauthorized transactions, which left Ramesh with a serious financial loss.

b. QR Phishing Attack (One of the methods of Phishing Attack)

This type of phishing attack (Figure 38) exploits the trust people place in QR
codes to manipulate them into authorizing fraudulent transactions.
Usually, the CyberChor masquerade as buyers and send fraudulent QR
codes to victims, convincing them that the code will facilitate a payment; in reality,
the QR code allows the attackers to withdraw money from the victim's
account.

Real-Life Incident:

In 2021, after Harshita Kejriwal, daughter of Delhi Chief Minister Arvind Kejriwal,
posted a sofa online to sell, she got an SMS from the buyer asking her to receive the
payment through a QR code. She naively scanned it, leading to Rs 34,000 being
withdrawn from her account.
Yet another victim of this scam was an Indian Institute of Science, Bengaluru professor
selling his washing machine online. A buyer sent him a QR code, promising quick
payment. Upon scanning, Rs 63,000 was fraudulently transferred out of his account.
Figure 38 QR Phishing Attack

c. UPI Frauds - Fake UPI and Payment App Scams

It has become surprisingly easy to transfer money with UPI (Figure 39). However,
there is a risk involved with this too. CyberChor have easily taken advantage of these
digital payment systems. They create fake applications or use other deceptive means
to steal the user's banking credentials or get them to authorize some fraudulent
transactions. They take advantage of people's trust in the system and the convenience
of UPI transactions to siphon off the money from their accounts.

Real-Life Incident:

Here's a very common kind of UPI scam that has been fooling many people.
₹10 is credited to your UPI account, and
you are confused about why someone has paid you that amount. Then you
receive a call or message saying that it was sent "by mistake" and requesting a refund.

 Situation: Anil suddenly receives a message on his mobile phone stating that
₹10 has been deposited in his UPI account. He finds it unusual
but does not think any further about it. Shortly after this incident, he gets a call from a
stranger who sounds quite worried and apologetic.
 Action: Wanting to help and feeling a bit sorry for the caller, Anil agrees. He opens his
UPI app and follows the instructions given over the phone. Out of kindness, he sends
₹100 back to the person, believing he’s just doing a good deed. In doing so, he
unknowingly grants the CyberChor access to his account.
 Outcome: As soon as Anil authorizes the transaction, things start to go wrong. While
Anil was away, the CyberChor took the chance to make several withdrawals
from Anil's account, and a lot of money was stripped from it. By the time
Anil knew that something had gone wrong, it was too late. His account was nearly emptied,
leaving him in shock over how a small act of kindness led to a financial nightmare.

Figure 39 UPI Frauds

d. Unauthorized Transactions and Identity Theft (To know more about Identity Theft, please refer to Chapter 4)

Unauthorized transactions and identity theft involve CyberChor employing
sophisticated methods to impersonate individuals and misuse their personal
information. These schemes typically fall into two main categories:

 Sophisticated Identity Theft: Fraudsters can go to great lengths, including
forging documents and impersonating others, to steal personal and financial
information.
 Multi-layered Scams: These scams often involve using stolen data for various
fraudulent activities, from making unauthorized purchases to opening accounts
in the victim's name.

The David Matthew Read Case (2018)

In 2018, David Matthew Read and his accomplice, Marc Higley, impersonated the
personal assistants of a well-known actress to exploit her no-limit American Express
card. Matthew Read acquired the actress's social security number and other personal
details online and then used this information to request a replacement card from
American Express. He impersonated her assistant to retrieve the card from a FedEx
facility using a forged ID badge. Over five weeks, they spent over $169,000 on luxury
items. They were eventually caught after Read used both the stolen card and his
personal card during a transaction, leading to surveillance footage capturing them
using the stolen card in stores. In the end, both were convicted and sentenced, with
Read receiving a longer prison term due to previous offences.

 Situation: David Matthew Read and Marc Higley, pretending to be personal
assistants to actress Demi Moore, contacted American Express to report that
she had lost her no-limit card. Read then forged an ID badge to impersonate her
assistant and retrieved the new card from a FedEx facility.
 Action: They used the stolen card to shop for luxury items across New York,
spending over $169,000 within five weeks. Matthew Read used the card
alongside his own, making it easier for authorities to link the fraudulent
transactions to him.
 Outcome: Both were caught and sentenced, with Read receiving several years
in federal prison and Higley being sentenced to 14 months in a halfway house.
They were also ordered to pay restitution. This case highlights the danger of
identity theft, where Chor can use stolen personal details to impersonate
victims and carry out fraudulent activities.

5.6. Digital Financial Transaction Fraud – Types (Figure 40)

Figure 40 Common Financial Cyber Threats

1. Phishing (Refer to Chapter 3)

Real-Life Incident:
During 2020, phishing scams perpetrated against Indian bank customers through
spurious emails and messages grabbed major headlines. One of the
operations, known as "Elibomi," appeared to mimic an official banking application and
web page, mainly targeting Android users. The malware in that operation was
sophisticated enough to turn off security on compromised devices and siphon off personal
and financial information without being noticed. In the other scam, an SMS sent to
SBI customers asked them to click on a link to redeem accumulated credit
points, but they were directed to a phishing website that could collect all
their personal and banking details.

 Situation: Ravi, who frequently uses Internet banking, receives a text message
ostensibly from his bank's notification system. The message tells him to redeem his
credit points fast or forfeit them for all time. There is an accompanying link,
with all the frills of his bank, complete with slogans and urgent wording.
 Action: Worrying about losing credit points, Ravi clicks the link without thinking. It
takes him to a site which looks just like his official bank website. Without a second
thought, he enters his personal details, including his account number,
card details, CVV, and even the OTP sent to his phone, thinking that this way he is
protecting his account.
 Outcome: Unfortunately, the site was a very convincing phishing site built to
steal his information. These details give the CyberChor easy and swift
access to Ravi's bank account to initiate fraudulent transactions. In a matter
of minutes, he loses all his savings. Ravi only detects the scam
when his money is wiped out, by which time the fraudsters are gone and have
transferred the money. This leaves him struggling to make up for the financial
loss as well as to find a way to secure the accounts that the CyberChor have gotten
hold of.

2. Wire Fraud

Wire fraud refers to a scam that tricks an individual into
transferring money to the wrong accounts through deceptive communications via phone, fake e-mails
or other online sites. The fraudsters usually create a sense of urgency and make the
recipient believe that the transfer must be done quickly to save their money.
 Real Incident: In 2019, a large wire fraud case in India made headlines when
CyberChor impersonated bank officials. They sent out emails and made phone calls
to bank customers, claiming there was a "security breach." They instructed these
individuals to transfer their money to a "secure" account to keep it safe. Using
advanced techniques like spoofing official phone numbers and email addresses, the
CyberChor made their story seem believable. Many victims, fearing for their
savings, did not hesitate and lost money by following the instructions.
 Situation: Carefully, Maya checks her e-mail. To her alarm, an e-mail has arrived,
purporting to be from her bank. It warns of a major system breach and suggests
that she quickly wire her money into a "secure" account, or she risks losing it.
 Action: Worried about the safety of her savings, Maya decides to act immediately.
She follows the instructions in the email and wires the money to the specified
account. The email even includes a phone number for "verification," which is part
of the scam. Feeling like she's doing the right thing to protect her finances, she
completes the transfer.
 Outcome: Unfortunately, the funds go straight into the CyberChor's account. Later,
when Maya contacts her bank to check on the situation, she finds that the bank
never sent such an email or requested anything like that. By then, the CyberChor
have already withdrawn the money and disappeared. Maya suffers
a huge financial loss along with the bitter realization that she has fallen prey to a
smartly designed wire fraud scheme.

3. Account Takeover Fraud

In account takeover fraud, the Chor gain unauthorized access to a user's online
accounts for money theft or identity theft. It is commonly carried out through phishing
attacks or by exploiting weak passwords.

Real-Life Incident: In 2020, fraudsters sent alert messages to the phones of
many bank customers stating that their bank accounts were frozen
because of "suspicious activity." The phishing links in the messages made people reveal
their login credentials, which the CyberChor used to take control of several accounts.
Money and personal data were stolen.
 Situation: Rajiv, a careful bank customer, receives an urgent notification on his
phone saying that his bank account has been locked due to suspicious activity. The
message looks official and includes his bank's logo. It urges him to click a link to
reset his password immediately so he can regain access to his account.
 Action: Worried about losing access to his money, Rajiv clicks on the link, which
takes him to a website that looks exactly like his bank's official site. Without
thinking twice, he enters his username, password, and other personal information
to reset his account. What he doesn’t realize is that the website is fake, set up by
CyberChor to steal his login details.
 Outcome: With Rajiv's credentials in their hands, the fraudsters quickly change his
account password, locking him out of his own bank account. They then proceed to
transfer all his funds to another account, emptying his savings within minutes. By
the time Rajiv discovers what's happened, the damage is already done. He is now
left with the challenge of reporting the fraud and trying to recover his lost money,
realizing how easily one can fall victim to these sophisticated scams.

4. Chargeback Fraud

Chargeback fraud happens when someone orders an item online but then claims
never to have received it, or that the order was unauthorized. This scam
allows the buyer to receive a refund at the merchant’s expense.

Real-Life Incident: Product Refund Scams

Online retailers lost thousands of dollars in 2019. Customers bought expensive
electronics but afterwards stated that they never received them. The retailers
held proof of delivery, but the customers filed chargebacks with their banks,
claiming that the items had not been delivered or that the purchases had been made on
someone else's cards. The retailers lost thousands of dollars as well as the merchandise.

 Situation: Suppose a customer orders an expensive gadget from an online
store. The store processes the order and dispatches the product. Once the customer
receives the gadget, they contact their bank and say they never got the item or that
the charge was made on an unauthorized card.
 Action: To avoid a dispute with its customer over the chargeback, the bank
refunds the customer and
then recovers the money from the retailer. It does this even when the retailer has
solid evidence that the gadget was delivered; the retailer cannot get the money back since,
most of the time, banks support the customer's chargeback.
 Outcome: The CyberChor walks away with both the gadget and their money
refunded. The merchant loses the merchandise as well as the payment they would
have received. On top of that, the merchant could incur a chargeback fee and suffer a damaged
reputation. Such fraud makes selling online a risk, and it can push prices up for
honest customers as sellers have to increase prices to cover such losses as well as
more advanced security systems.

5. Fake Cashback Links (Refer to Common Risks in Digital Financial Transactions)

6. Loan App Harassment

In July 2023, a 22-year-old engineering student in Bengaluru borrowed ₹46,000
through a loan app to meet personal expenses. Unable to repay the amount, he faced
relentless harassment from the app's executives, leading to severe emotional distress.
Tragically, this culminated in his suicide, highlighting the devastating impact of
predatory lending practices facilitated through digital platforms.

Figure 41 Cyberdost

Key Takeaways:

 Predatory Lending Practices: Many digital loan apps offer quick loans with
hidden exorbitant interest rates and fees, trapping borrowers in cycles of debt.

 Harassment Tactics: Upon default, some companies resort to aggressive
recovery methods, including threats, public shaming, and constant harassment,
exacerbating the borrower's mental health struggles.

 Psychological Impact: The combination of financial strain and harassment can
lead to severe emotional distress, as evidenced by this tragic incident.

Preventive Measures:

 Thorough Research: Before borrowing, research the credibility of the lending
platform and opt for institutions regulated by the Reserve Bank of India (RBI).

 Understand Terms: Carefully read and understand the loan terms, interest
rates, and repayment schedules to avoid unforeseen liabilities.

 Seek Support: If facing harassment, report the issue to local authorities and
seek support from mental health professionals.

Regulatory Actions: In response to such incidents, authorities have initiated
crackdowns on illegal loan apps and are working towards stricter regulations to
protect consumers from predatory lending practices.

5.7. Alert on Fraudulent Loan Offers – Cyber Dost’s Important Warning


Cyber Dost and the Indian Cyber Crime Coordination Centre (I4C) have issued a vital
warning regarding fraudulent loan offers that are increasingly common online.
Scammers are promoting "instant loan approvals without application" to lure
unsuspecting individuals. Although these offers might seem appealing, they’re often a
trap designed to steal personal information or demand unauthorized payments.

Cyber Dost’s Advice:

 Think Twice before trusting any loan offer that promises instant approval with
minimal information. Scammers rely on quick decisions and often use these
enticing promises to exploit people in need of financial assistance.
 Report Suspicious Activity: If you come across such scams, immediately call
1930 or file a complaint at cybercrime.gov.in.

For the latest updates on cybercrime prevention and safety tips, follow Cyber Dost on
their official social media channels.

Quiz 5.2: Common Cyber Frauds

Question: What is a common sign of a fake banking app?

A) It is only available on the official app store
B) It asks for excessive permissions unrelated to banking
C) It has numerous positive reviews
D) It is from a well-known bank

Answer: B) It asks for excessive permissions unrelated to banking

Question: What should you do if you receive an unexpected refund request email
from your bank?

A) Click the link and follow the instructions
B) Contact your bank using official contact details
C) Ignore it
D) Forward the email to friends

Answer: B) Contact your bank using official contact details

5.8. The Solution – Overcome GULF and Secure Your Financial Transactions

Many online financial scams succeed because of common human traits: Greed, Urgency, Lust
and Fear (GULF). CyberChor exploit these traits to trick individuals into handing over
their sensitive information or unknowingly authorizing financial transactions. Greed
comes into play when users are lured by "too-good-to-be-true" offers, such as fake
cashback schemes or lottery winnings that prompt them to share their bank details.
Urgency is another tactic, where CyberChor create a sense that immediate action is needed, like
a supposed bank alert requiring "urgent" updates to an account. The fear of losing
access or missing out often leads people to act without thinking. Lust has a queer
characteristic of surfacing at the most unexpected moments, causing the most undesirable
consequences. It is lust that leads a young person or an elderly one to venture into the
tricky world of unverified adult dating or porn sites. Such sites swarm with
CyberChor. Lastly, Fear is a powerful motivator that CyberChor use to push people into
compliance. For example, they might send threatening emails claiming an account will
be locked unless personal information is provided. These psychological triggers make
it easy for CyberChor to steal funds.

A. Digital Arrest Scam: Understanding the Threat


A digital arrest scam happens when CyberChor pretend to be police or government
officials. They accuse innocent people of being involved in serious crimes like money
laundering and threaten them with immediate "digital arrest" if they don’t pay
money. This fear tactic often tricks people into sending large sums of money to avoid
trouble, even though the whole thing is a scam.

Real-Life Incident: Retired Bank Employee Scammed

Situation: A CyberChor, posing as a government official, called a retired bank
employee in Lucknow. The caller alleged that he was involved in illegal money laundering
using his Aadhaar-seeded bank account. The CyberChor said the man would be taken
into custody right away if he did not act fast to prove that he was innocent.

Action: Fearing he would be arrested, the retired man said as much to the
CyberChor on the phone and followed his instructions. Then, over the next few days, believing that
this would get him out of trouble and clear his name, he transferred ₹1.73 crore into
many bank accounts.

Outcome: He became aware of the fraud and lodged a complaint with the cyber police.
The authorities have initiated an investigation into the matter to nab the Chor and
retrieve the money. This example shows how CyberChor use fear to hide
their scam, which is why you need to stay calm and verify before falling into
that trap.

Figure 42 Real-Life Incident: Retired Bank Employee Scammed
Figure 43 Kanishk Gaur Tweet
Figure 44 Fake Digital Arrest
Figure 45 Greed, Urgency and Fear (GULF)

To counteract cyber threats, it is crucial to pause, think critically, and validate the
authenticity of any unexpected financial prompts. Recognizing the influence of GULF
(Greed, Urgency, Lust, and Fear) (Figure 45) can prevent falling into traps set by
fraudsters, safeguarding your financial well-being.

1. Verification, Pause, and Validate (VPV) Approach (Figure 46)

Imagine you receive an email or message asking you to complete an urgent payment
or provide personal information. It may appear official, maybe even from your bank or
a company you trust. But before you act, it's important to follow a simple three-step
process: Verification, Pause, and Validate (Figure 47).

Figure 46 VPV Approach

This method helps you avoid falling into the traps of cyber fraudsters who often use
urgency to trick people into making quick decisions. Here’s how it works:

1. Verification: Check If It’s Real

Before you do anything, verify if the request is legitimate. CyberChor often pretend to
be from trusted companies, but small details give them away.

 Check the sender: Look closely at the email address or phone number. Does it
come from the official source, or is there something off about it, like a misspelt
name or an unusual domain?
 Inspect the website: If you’re asked to visit a website, make sure the URL starts
with "https" (showing the connection is secure) and doesn’t have odd spellings or extra letters
that seem suspicious.
 Cross-check details: If you’re unsure, visit the official website or call the
company using their verified contact details, not the ones in the suspicious
message.
 Look for signs of trust: Legitimate websites often have security badges like
“Verified by Visa” or “MasterCard SecureCode.” These are signs that the
transaction is likely safe.

2. Pause: Don’t Rush

CyberChor want you to feel rushed, so they often use scare tactics or promises of
rewards to get you to act fast. Take a breath and pause before acting rashly.

 Don’t act immediately: Legitimate companies won’t pressure you into making
a quick decision. If you feel like you’re being pushed to act fast, it’s a red flag.
 Ignore threats or exciting offers: Threats or too-good-to-be-true offers are
red flags. Don’t get trapped by the CyberChor—anything that feels rushed or
extreme is a reason to stop and think.
 Reflect on the situation: Ask yourself if this makes sense. Is it normal for the
company to reach out like this? If something feels off, trust your gut and don’t
rush. Always consider taking a moment to evaluate the situation.

3. Validate: Double-Check Before Acting

Now that you’ve paused and verified, take one last step to validate the request. Make
sure everything checks out before you move forward.

 Contact the company directly: Use official contact info, not the one in the
suspicious message, to ask if the request is real.
 Get a second opinion: For large transactions, double-check with someone you
trust or even the customer service team. If others have been scammed, there
might be reports online.
 Confirm payment details: Before sending any money, make sure the account
information is correct. If you have any doubts, contact your bank directly.
Figure 47 Verification, Pause and Validate (VPV) Approach

Only Proceed When Sure

Once you've verified, paused, and validated the request, only proceed if everything
seems legitimate. If something still feels wrong, don’t go through with the transaction.
It's better to be safe than sorry.

Following this simple process can protect you from online scams, helping you avoid
decisions made in a hurry or out of fear. Always take the time to check—it could save
you from losing money or having your personal information stolen.

So, it is crucial to pause and validate the authenticity of any online financial
transaction to avoid falling into traps set by CyberChor.

Here's how to do it effectively:

 Verify Banking Websites: Always ensure the website has "https://" and a
padlock symbol in the URL bar. Fake websites often mimic the design of
legitimate banking sites but lack security features like a secure connection
(https). They may have misspellings or low-quality graphics. Visual aids can
show a side-by-side comparison of a real banking website versus a phishing
site. Legitimate sites use professional branding, while phishing sites might have
subtle differences, like altered URLs (e.g., "yourbank-secure.com" instead of
"yourbank.com").
 Identify QR Code Scams: CyberChor often use fake QR codes to trick users into
transferring money. Real QR codes for payments should prompt you to confirm
the amount or purpose of the transaction. Fake ones might initiate a withdrawal
without warning. Visual aids can include illustrations of legitimate QR
transactions versus fraudulent ones. For instance, a secure QR transaction will
usually involve a confirmation step, while a scam QR code may bypass this
process.
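
The checks in "Verify Banking Websites" above can be automated. The following is an added illustration, not code from the book: the allowlist uses the book's placeholder domain yourbank.com, the function names and warning codes are assumptions, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the bank's real domains, copied from a card or printed statement.
# "yourbank.com" is the placeholder name used in the text above.
OFFICIAL_DOMAINS = {"yourbank.com"}


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-letter misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_bank_url(url, official=OFFICIAL_DOMAINS):
    """Return a list of warning codes; an empty list means no check fired."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return ["unparseable"]

    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if parts.username is not None:
        # "https://yourbank.com@other.example/" really opens other.example.
        warnings.append("userinfo-in-url")
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        # Internationalised names can imitate Latin letters.
        warnings.append("idn-host")

    # Official means the exact domain or a subdomain of it, nothing else.
    if any(host == d or host.endswith("." + d) for d in official):
        return warnings

    warnings.append("not-official-domain")
    for d in official:
        brand = d.split(".")[0]
        if brand in host:
            # e.g. yourbank-secure.com or yourbank.com.something.example
            warnings.append("brand-in-unofficial-host")
        elif any(edit_distance(l, brand) <= 2 for l in labels):
            warnings.append("misspelt-brand")
    return warnings


if __name__ == "__main__":
    # Constructed sample URLs, not taken from any real incident.
    samples = [
        "https://yourbank.com/login",
        "https://netbanking.yourbank.com/",
        "http://yourbank.com/",
        "https://yourbank-secure.com/login",
        "https://yourbank.com@refund-desk.example/",
        "https://yourbonk.com/",
    ]
    for s in samples:
        print(f"{s:45} {check_bank_url(s) or 'no warnings'}")
```

A URL that passes the https check can still be a phishing page, which is why the domain comparison runs regardless of the scheme.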

A) Prudent Actions to Safeguard Apps and Devices

To keep your financial data secure, take the following actions:

 Use strong passwords and enable two-factor or multi-factor authentication
(2FA/MFA).
 Regularly update your apps and operating systems to secure against
vulnerabilities.

B) Safe Practices for Online Banking

 Avoid Public Wi-Fi: Public Wi-Fi networks are often unsecured, allowing
CyberChor to intercept your data. Use mobile data or a secure, private network
when accessing banking services.
 Use Virtual Keyboards: When entering passwords or sensitive information,
use the virtual keyboard provided by the banking app. This can help protect
against keyloggers that might capture your keystrokes.
 Conceal PIN: When using ATMs, cover the keypad while entering your PIN to
prevent onlookers or hidden cameras from capturing your information.
 Set Transaction Limits: Limit the amount that can be transferred in a single
transaction. This way, even if your account is compromised, the damage can be
minimized.
 Turn Off International Transactions: If you don't need to use your cards
internationally, disable this feature. This can prevent unauthorized foreign
transactions.
 Use a Secondary Bank Account: Consider linking a separate bank account for
online transactions, keeping your primary savings account safer. Use different
mobile numbers for social media and bank accounts to further safeguard your
finances.

5.9. Important Guidelines to Avoid Falling Victim to Cyber Frauds


Cyber-crimes are on the rise, and it's crucial to stay vigilant and avoid falling for
common scams. Here are some essential tips (Figure 48) to protect yourself:

1. Suspicious Calls or SMS: If you receive a message about your service being
suspended or needing urgent action (like pressing a number), it's a scam.
Don't respond.

2. Fake Package Scams: Calls about a suspicious package in your name, asking
for immediate action, are fraudulent. Do not engage.

3. Aadhaar-related Calls: Be cautious if someone claims to be from the police
and asks about your Aadhaar details. It's likely a scam.

4. Fake Digital Crime Alerts: Do not respond to threats claiming you are
involved in digital crimes. These are scams.

5. WhatsApp or SMS Scams: If someone contacts you via WhatsApp or SMS for
personal details or financial transactions, ignore it.

6. UPI Transaction Scams: Never respond to calls saying money was sent
mistakenly to your UPI ID. It's a scam.

7. Fake Buyers: Scammers may pose as military personnel or use fake IDs to
purchase items. Don't entertain such offers.

8. Food Delivery Scams: Calls from fake Swiggy or Zomato agents asking you to
confirm your address are fraudulent. Don’t respond.

9. OTP Requests: Never share your OTP, especially for order cancellations. OTPs
should only be shared with official platforms.

10. Video Calls: Avoid answering unknown calls in video mode as these are often
scams.

11. Avoid Suspicious Links: Never click on blue links or links from untrusted
sources.

12. Verify Official Notices: If you receive notices from government agencies,
verify their authenticity through official channels.

General Advice: Do not share personal details such as Aadhaar, PAN, or DoB
with anyone over the phone. If a caller pressures you, simply hang up and block
the number. Always report any scams to the local cyber police, even if it involves
some reputational risk.

Staying informed and cautious is key to protecting yourself from cyber fraud.

Figure 48 Safe Practices for Online Banking

Thwarting a Phishing Attempt

One user received an email claiming to be from their bank, requesting urgent account
verification via a provided link. Instead of clicking the link, the user paused and
validated the request. They contacted their bank through official channels to inquire
about the email. It turned out to be a phishing attempt. By pausing and validating the
authenticity of the request, they successfully thwarted the CyberChor's attempt to steal
their banking credentials. This example underscores the importance of being vigilant
and verifying any unexpected communications regarding your financial accounts. By
following the VPV approach, the user protected their credentials and avoided financial
loss.

QUIZ 5.3 The Solution – Secure Your Financial Transactions

Question: Which practice increases the security of your online banking activities?

A) Using the same password for all accounts
B) Enabling two-factor authentication (2FA)
C) Sharing your banking PIN with family members
D) Keeping your banking app open all the time

Answer: B) Enabling two-factor authentication (2FA)

Question: True or False: Strong passwords should include a mix of letters, numbers,
and special characters.

Answer: True

Question: True or False: Using public Wi-Fi for banking transactions is safe.

Answer: False

Question: Which of the following is a safe practice for online transactions?

A) Using public Wi-Fi
B) Setting transaction limits
C) Saving passwords in your browser
D) Using the same PIN for all accounts

Answer: B) Setting transaction limits

Question: What should you do if you receive a suspicious email claiming to be from
your bank?

A) Click on the link provided
B) Call your bank using the number on their official website
C) Ignore it and delete it
D) Forward it to friends

Answer: B) Call your bank using the number on their official website

5.10. What to Do If Your Bank Account Is Compromised?

When your bank account is compromised, it can be frightening. Still, taking
immediate and appropriate action (Figure 49) can help you minimize damage
and recover funds. Here is what you should do if you find yourself in this position:

Immediate Steps to Take

1. Freeze Your Account:
Call your bank immediately and inform them of the breach. Ask to have your
account temporarily blocked so that no further unauthorized transactions can go
through. This helps safeguard your funds while the bank
investigates the breach.
2. Change Your Credentials:
Change your online banking passwords, PINs, and security questions.
Create a new, complex password that you have not used before, for added security of your
account.
3. Alert Other Financial Institutions:
Notify other banks or credit card companies where your details might be linked.
This helps prevent potential fraud on other accounts, ensuring that any connected
financial services are also protected.
4. Monitor Account Activity:
Keep a close eye on all recent and upcoming transactions. Look for any additional
suspicious activity and report it to your bank immediately. Staying vigilant can help
you catch further fraudulent actions early.
Figure 49 Immediate steps to be taken for Bank Account

How to Report and Recover (Refer to Next Chapter for more details)

1. File a Formal Report with Your Bank
Contact your bank's fraud department and make a complaint with as much detail
as you can give about the transactions. Provide them with the date, the amount, and
anything else that may be relevant for them to tackle the situation. The more
information you give them, the better the bank can help you.
2. Contact Cybercrime Authorities
Report incidents to national cybercrime units. For instance, India has the Cyber
Crime Reporting Portal. Reporting initiates an investigation with the help of the authorities. This
helps track down the fraudsters and prevents future frauds.
3. Document Everything
Keep detailed records of all communications with the bank, including transaction
details and every step you take during the recovery process. This documentation is
crucial if legal action becomes necessary or if you need to follow up with the bank.
4. Apply for a Refund
Depending on the bank's procedures, you may be entitled to a refund after an
inquiry. Provisional credit may also be granted at this stage so that
you do not bear the full loss while the bank investigates.

Real-Life Incident Example: Recovery After Account Compromise

Ritu was a bank customer who witnessed an unauthorized withdrawal of funds from
her account. She froze her account and contacted her bank's fraud department
immediately. The bank also told Ritu to change all her banking details and submit a
detailed report about all the fraudulent transactions that occurred. The bank started
its investigation and found that Ritu was not responsible for the fraud. They
reimbursed the amount to her account. Ritu also filed a complaint with the national
cybercrime unit, making sure that an investigation is conducted, and the culprits are
caught.

Acting quickly and in the right way made it possible for Ritu to recover her stolen
money and protected her from further losses to any threats that might arise.

Key Takeaways

 Act Fast: Immediate action is crucial to prevent further unauthorized access to
your account.
 Report Promptly: Reporting the incident quickly increases the chances of
recovering your money.
 Keep Records: Maintain detailed records and cooperate with your bank and
authorities to aid in the investigation and recovery process.
5.11. Reference Guide to Stay Safe with Your Finances Online
| Checklist Item (Do’s and Don’ts) | Details | Action Steps | Example |
|---|---|---|---|
| DO - Use Strong Passwords | Combine letters, numbers, and special characters. | Avoid using personal information like birthdates. | 8 to 10 words with special characters and numbers |
| DO - Enable Two-Factor Authentication (2FA) | Adds an extra layer of security to your accounts. | Enable 2FA on banking and payment apps. | Password & OTP |
| DON’T - Beware of Phishing Scams | Avoid clicking on links in unsolicited messages. | Verify the sender by contacting your bank directly. | Visiting the Branch of the Bank |
| Monitor Your Accounts | Regularly check for unauthorized transactions. | Set up alerts for large or unusual transactions. MFA for the online transactions of more than 10000 or transaction at night. | Review the bank transactions on daily basis |
| DON’T - Avoid Public Wi-Fi for Banking | Public Wi-Fi can be insecure and vulnerable to hackers. | Use a VPN if accessing sensitive info on public networks. | At Cafe or Public Place (Railway Station, Airport) |
| DO - Secure Your Devices | Protect your device with antivirus software and updates. | Use fingerprint or face recognition for security. | 2FA / MFA |
| DO - Verify Payment Requests | Be cautious of unexpected requests for payments or refunds. | Contact customer service of the concerned platforms before proceeding with payments. | Call Back |
| Use Secure Payment Methods | Prefer credit cards and digital wallets for transactions. | Avoid using debit cards for online payments. | At Shopping Mall, E-commerce Websites |
| Set Transaction Limits | Limit the amount for online transactions. | Switch off international transactions if not needed. | 20000 Per Month |
| Know What to Do if Compromised | Take immediate action if you suspect fraud. | Report to your bank, change passwords, and monitor accounts. | Time is crucial |

Reference Guide: Types of Financial Fraud

| Type of Fraud | Description | Example | Solution |
|---|---|---|---|
| Phishing | CyberChor trick individuals into providing sensitive information through fake emails or messages. | You receive an email claiming to be from your bank, asking you to verify your account information. | Verify the sender, avoid clicking suspicious links, and contact your bank directly. |
| Identity Theft | Chor use stolen personal information to impersonate someone and commit fraud. | Someone uses your personal details to open a credit card in your name. | Protect personal information, use strong passwords, and monitor accounts regularly. |
| SIM Swap Fraud | Fraudsters convince mobile providers to transfer your phone number to their device to access bank accounts. | Your phone suddenly loses service, and CyberChor use your number to reset your passwords. | Contact your mobile provider immediately and use two-factor authentication (2FA). |
| Credit Card Skimming | A device is placed on ATMs or POS terminals to steal card information during transactions. | A skimmer attached to an ATM steals your card details, which are then used for unauthorized purchases. | Inspect ATMs before using, and regularly monitor your account for unauthorized transactions. |
| Wire Fraud | CyberChor deceive individuals into transferring money to fraudulent accounts. | You receive an email asking you to wire money to a "secure account" due to a system breach. | Always verify the request by contacting the company through official channels. |
| Fake Cashback Scams | Victims are lured with fake cashback offers to provide banking information. | You receive a message offering a reward but are asked to enter your UPI PIN, leading to unauthorized transactions. | Avoid clicking on unknown links and never share your UPI PIN or banking details. |
| Chargeback Fraud | A customer disputes a legitimate transaction to get a refund while keeping the product. | A person buys an expensive item, then claims they never received it to get a refund. | Keep records of transactions and proof of delivery to defend against chargeback claims. |
| Online Shopping Fraud | Fraudulent websites lure buyers with great deals but never deliver the products. | You purchase an item online but never receive it, and the website disappears. | Only shop on trusted websites and read reviews before making purchases. |

5.12. Password Security and Best Practices


Throughout this book, we’ve talked about how important it is to use strong passwords.
A good password is your first line of defense against hackers. To help you protect your
accounts, the National Institute of Standards and Technology (NIST) has shared
updated guidelines for 2024. Here’s what they recommend—and what you should do
to keep your information safe:
1. Make Your Passwords Longer: Use passwords that are at least 8 to 12 characters.
Longer passwords are much harder for hackers to crack than short ones, even if
they’re complicated.
2. Avoid Easy-to-Guess Passwords: Stay away from common choices like
“password” or “123456.” Choose something unique that others can’t easily guess.
3. Use Two-Factor Authentication (2FA): Adding an extra step, like a code sent to
your phone, makes your account much safer. This should be a must for important
accounts.
4. Try a Password Manager: A password manager can securely store your
passwords, so you don’t have to remember them all. It’s a handy tool to keep
everything organized and safe.
5. Teach Others About Password Safety: If you work with others, make sure they
know how to create strong passwords, too. Your security depends on everyone
being careful.
6. Change Your Passwords Regularly: Don’t keep the same password forever.
Change it from time to time, especially after a security breach. It’s a simple step to
stay safer.
7. Encrypt and Secure Passwords: Make sure your passwords are stored safely and
encrypted, whether they’re for personal or work accounts.
8. Don’t Use Personal Info in Passwords: Avoid using details like your birthday or
name, as these are easy for hackers to guess.
9. Consider Using Biometrics: If possible, use options like fingerprint or facial
recognition as an extra layer of security.
Figure 50 NIST Password Guidelines
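As an added illustration (not part of the original book), the following Python sketch checks a candidate password against items 1, 2 and 8 of the list above: length, common choices, and embedded personal details. The blocklist, the sample personal details, the function names and the 12-character default (the upper end of the range in item 1) are assumptions made for this example.

```python
import re
import unicodedata

# Constructed sample blocklist (assumption): a real deployment would load a
# large list of commonly used and breached passwords instead.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}

# Look-alike substitutions undone before comparing with the blocklist,
# so "P@ssw0rd" is treated the same as "password".
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s"})


def normalize(text):
    """Fold case and Unicode compatibility forms so comparisons are stable."""
    return unicodedata.normalize("NFKC", text).casefold()


def personal_tokens(details):
    """Extract guessable fragments (names, years, phone digits) from details."""
    tokens = set()
    for value in details.values():
        value = normalize(value)
        # Words of three or more letters, e.g. first name and surname.
        tokens.update(re.findall(r"[^\W\d_]{3,}", value))
        # Digit runs of four or more, e.g. a birth year or part of a phone number.
        tokens.update(re.findall(r"\d{4,}", value))
        # The value with separators removed, e.g. 15-08-1990 -> 15081990.
        digits = re.sub(r"\D", "", value)
        if len(digits) >= 4:
            tokens.add(digits)
    return tokens


def check_password(password, details, min_length=12):
    """Return a list of problems found; an empty list means none were found."""
    problems = []
    plain = normalize(password)
    unmasked = plain.translate(LOOKALIKES)

    # Item 1: length, counted in characters as typed.
    if len(password) < min_length:
        problems.append("too_short")

    # Item 2: common passwords, also with trailing digits/symbols stripped.
    candidates = set()
    for form in (plain, unmasked):
        candidates.add(form)
        candidates.add(re.sub(r"[^a-z]+$", "", form))
    if candidates & COMMON_PASSWORDS:
        problems.append("common_password")

    # Item 8: personal details embedded anywhere in the password.
    if any(tok in plain or tok in unmasked for tok in personal_tokens(details)):
        problems.append("contains_personal_info")

    return problems


# Constructed sample data for illustration only.
SAMPLE_DETAILS = {"name": "Ritu Sharma", "birthdate": "15-08-1990",
                  "phone": "+91 98765 43210"}

if __name__ == "__main__":
    for candidate in ("Ritu@1990", "P@ssw0rd", "Password123!",
                      "correct-horse-battery-staple"):
        print(candidate, "->", check_password(candidate, SAMPLE_DETAILS) or "ok")
```

A password that adds digits or symbols to a common word, or swaps letters for look-alike symbols, is still flagged, which is why length and uniqueness matter more than decoration.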

5.13. Way Forward


As we wrap up this chapter on keeping your online financial transactions safe, it is
crucial to remember that the digital landscape is always changing. CyberChor are
constantly finding new ways to exploit vulnerabilities (weaknesses), which means
staying informed is your best defence in the digital world.

In the next instalment of Don’t Be Scammed, we’ll dive into other types of scams that
are becoming more common, such as Bitcoin scams and ransomware attacks. These
threats can have a serious impact on both your personal and financial security, often
catching people off guard. But don’t worry: our upcoming awareness guides will
break down these complex and technical issues in simple words, helping each of you
to understand how they work and, most importantly, how to protect yourself.

So, stay tuned! By continuing to educate yourself about these evolving risks, you’ll be
better equipped to navigate the digital world safely and confidently on your own.
Chapter 6: Guide to Reporting and Preventing
Cybercrimes - Steps and Best Practices

More and more people in India are using mobile phones—almost 80% of us! We use
apps every day for chatting, paying bills, or signing up for things. But did you know that
these apps might be sharing your personal details without you even knowing?

Every time you enter your phone number, name, or other details into an app like
Truecaller, Google, or UPI payments, your information can be collected. Some
advanced tools can pull out over 20 pieces of information just from your phone
number! This makes it easier for online criminals to trick people.

These criminals—sometimes called CyberChor—use all sorts of scams, like:

i. Fake job offers
ii. Lottery scams
iii. Phishing (tricking you into clicking harmful links)
iv. Sextortion (blackmail using private information)
v. Fake police calls saying you’ll be arrested

The scary part? They don’t even need much information to scam you! Stolen data—like
phone numbers and emails—is sold online for as little as ₹2-4 lakh ($3,000–$5,000).
Using smart tools, these criminals quickly target people and steal their money or
personal data.

Even simple things, like visiting an office or signing up for an event, now require you
to share your ID or phone number. That’s why protecting your personal information is
more important than ever!
So, what can you do?
This chapter will teach you simple ways to stay safe and protect yourself from cyber
scams. Let’s learn how to outsmart online fraudsters and keep our digital lives secure!

Section 6.1 Quick and Easy Steps to Lodge a Cybercrime Complaint


If you ever become a victim of a cybercrime, don’t panic! Taking action quickly can help
stop further damage and even catch the culprits. The good news is that reporting a
cybercrime in India is easier than you might think. There are several simple ways to
file a complaint and get help. This section will guide you through the process step by
step, so you know exactly what to do if you ever face an online scam, fraud, or
harassment.

i. Cyber Cells in Each State: Most states have special cybercrime cells where you
can report incidents. You can find a list of these on the Cyber Crime Portal
(https://cybercrime.gov.in/).

ii. Helpline Number ‘1930’: This is a 24/7 national helpline for reporting cyber
financial frauds quickly.
iii. Online Complaint Portal: You can also lodge a complaint directly on the
national portal at cybercrime.gov.in.
iv. Emergency Number ‘112’: For immediate help, you can call this national
emergency response number, like calling 911.
v. Local Police Station: You can go to any police station and file an FIR (First
Information Report). Remember, you can lodge a “zero FIR” at any police
station, even if the crime happened in a different area. In most cases, cybercrime
is considered serious, and the police can act without needing an arrest warrant.

The next subsection also provides a cue card of steps on how to do so. A summary of
the steps for filing an online cyber-complaint is presented in Figure 51.
Figure 51 How to File a Cyber Crime Complaint (Source: IIPA)

Section 6.2 How to File a Complaint by Email?

If you’ve been a victim of a cybercrime, don’t worry—you can report it easily by
sending an email to the right officials. Every state in India has Cyber Nodal Officers who
handle online crime cases. They work with local cyber police and can help with your
complaint.

Follow these simple steps to file your complaint via email:

Step 1. Gather Your Information

Before writing the email, collect these details:

 What happened? (e.g., fraud, hacking, online harassment)
 When and where did it happen?
 Any proof? (Screenshots, messages, emails, transaction details, etc.)

Step 2. Find the Right Email Address

 Go to the official cybercrime portal: https://cybercrime.gov.in
 Click on ‘Contact Us’ to see the list of Cyber Nodal Officers for your state.
 Or go directly to this link: Cyber Nodal Officers List
Step 3. Write Your Email

Your email should be clear and to the point. Include:

 Your full name and contact details
 A short explanation of what happened
 Any evidence (attach screenshots or files)
 A request for urgent action

📝 Example Subject Line: “Urgent: Cybercrime Complaint – [Your Issue]”

Step 4. Send the Email

📤 Address the email to the Cyber Nodal Officer in your state and send it.

Step 5. Follow Up

If you don’t get a response in a few days, send a follow-up email or visit your local cyber
police station for help.

Reporting a cybercrime is easier than it seems! Taking action quickly can help prevent
further harm and protect others from falling into the same trap.

Section 6.3 How to File a Complaint if the Victim is a Woman or Child?

If a woman or child is facing online abuse, harassment, or any cybercrime, there are
special helplines and websites where they can seek help. You don’t have to suffer in
silence—help is just a call or a click away!

Here’s how to report a cybercrime in such cases:

A. If the Victim is a Woman

👩 Helpline Numbers: Call 1091 or 181 for immediate support.

💻 Online Portal: File a complaint with the National Commission for Women
(NCW) at ncw.nic.in.

B. If the Victim is a Child


👦 Helpline Number: Call 1098 for child-specific assistance.

📞 Delhi-Specific Helpline: If you’re in Delhi, contact the Delhi Commission for
Protection of Child Rights at +91-9311551393.

C. If You Receive Obscene Calls or Face Online Stalking

📲 Emergency Numbers: Call 1096 or 1090 for immediate help.

D. Email Option

📧 If you prefer, you can also email your complaint to the Ministry of Women and
Child Development at [email protected].

Important Notes:

 The complaint can be filed by the victim or by someone on their behalf (such as
a friend or family member).
 You can choose to remain anonymous if you don’t want to reveal your identity.

Don't hesitate—reporting can help stop the crime and protect others too! 💙

Section 6.4 How to File a Complaint about Cyber-Financial Frauds?

If someone scams you out of your money online, don’t panic! Acting quickly can help
you get your money back and stop further losses. Follow these simple steps:

1. Contact Your Bank Immediately

📞 Call your bank’s customer care number, send an email, or visit the branch to report
the fraud. Provide all details about what happened.

2. Act Fast – Within 3 Days!

⚡ If you report the fraud within three days, you won’t be held responsible for the
loss. The bank might refund your money—but only if you didn’t share your OTP,
PIN, or CVV with the scammer.
3. File a Police Complaint

🚔 It’s always a good idea to report the fraud to the police for extra protection and
support.

4. Block Your Card Immediately

💳 If the scam involved your credit or debit card, call your bank’s helpline or use the
mobile app to block your card so it can’t be used again.

⚠️ Important Tip: Never Google a bank’s customer service number! Always find it on
the official bank website or app under the “Contact Us” section.

5. Get Your Money Back

💰 If you reported the fraud within 3 days and it wasn’t your fault, your bank should
refund your money within 10 working days.

6. No Refund If It Was Your Fault

❌ If the fraud happened because you shared your OTP, PIN, or password, the bank
may not be able to refund your money.

7. Not Happy with the Bank’s Response?

😡 If your bank doesn’t help, you can file a complaint with the Reserve Bank of India
(RBI) through their Banking Ombudsman service here:
🔗 RBI Banking Ombudsman (Figure 52)

Taking quick action can make all the difference—stay alert and protect your money!
Figure 52 RBI's banking ombudsman

Need More Help? You Can Also Email Your Complaint!

If your bank isn’t helping, you can email your complaint directly to the Reserve Bank
of India (RBI) at 📧 [email protected].

What to Include in Your Email?

✉️ Your Name and Address – So they know who you are.

🏦 Bank/Department You’re Complaining About – Mention the bank or office
causing the issue.
📄 Any Proof or Documents – Attach screenshots, emails, or transaction details to
support your case.

Need to Talk to Someone? Call the RBI Helpline!

📞 Dial #14448 for help. Here’s how it works:

 The IVR system (automated voice) is available 24/7.
 To speak to a real person, call Monday to Friday (except national holidays)
between 8:00 AM – 10:00 PM.
 Help is available in English, Hindi, and 10 regional languages.
 Also refer to Figures 53, 54 and 55 as per your requirement.
Figure 54 WHAT to do if one is a victim of a Financial Fraud
Figure 53 When and How to Approach an RBI Banking Ombudsman (Source: IIPA)

Figure 53 Banks Defeat the ‘Zero Liability Policy’ to the E-mail Complaints
Figure 55 When and How to Approach an RBI Banking Ombudsman (Source: IIPA)

Section 6.5 Actions to Take When Someone Loses Their Mobile Phone

Losing your phone can be stressful, but don’t worry! Follow these simple steps to find
it quickly and protect your personal information:

1. Call Your Phone 📞

 Use another phone to call your number.
 If it’s nearby, you might hear it ring—even if it’s on silent!
 You can also use your mobile carrier’s app to make it ring loudly.

2. Send a Text Message 💬

 If your phone shows messages on the lock screen, send a text with your contact
details.
 Someone who finds it might call you back.

3. Use ‘Find My Phone’ 🗺️

 Most phones have a built-in Find My Phone feature.
 This lets you track, ring, lock, or erase your phone remotely.
 Make sure this feature is turned on in your phone settings.
4. Erase Your Data If It’s Stolen 🔒

If you think your phone was stolen, erase all data remotely!

 This stops anyone from accessing your personal information.
 You can do this through ‘Find My Phone’ (Google, Apple, or Samsung) (Figure 56).

5. Lock Your Phone & Change Passwords 🔑

 If you still can’t find it, lock it remotely to stop unauthorized access.
 Immediately change passwords for important accounts like:
     Email 📧
     Banking Apps 💰
     Social Media (Facebook, Instagram, etc.) 📱

By acting fast, you increase the chances of finding your phone and keep your personal
information safe.

Figure 56 Google Find My Device

Block the Phone’s IMEI: To prevent anyone else from using your phone, block its IMEI number. This can be done by
contacting your mobile carrier or using the CEIR (Central Equipment Identity Register) portal.

How to find your phone’s IMEI No?


Your IMEI (International Mobile Equipment Identity) number is a unique code for your
phone. If your phone is lost or stolen, this number helps in tracking it or blocking it.

Follow these simple steps to find your IMEI number:

📱 Method 1: Through Phone Settings

 Open the Settings app.
 Scroll down and tap on About Phone.
 Look for IMEI Number—it will be listed there.

📞 Method 2: Dial a Simple Code

🔢 Just dial *#06# on your phone, and your IMEI number will appear on the screen
instantly!

✍️ Important Tip:

Write down your IMEI number and keep it safe. If you ever lose your phone, you can
give this number to your service provider or the police to help track or block your
device.

How to Block Your Lost or Stolen Mobile Using IMEI?


If your phone is lost or stolen, you can block its IMEI number to prevent misuse. This
makes sure the phone cannot be used on any mobile network.

Steps to Block Your Lost Phone:

1. Visit the Sanchar Saathi Portal 🌐

🔗 Go to Sanchar Saathi Portal (Figure 57) (by the Department of Telecom,
Government of India).
🔹 Under Citizen Centric Services, click on ‘Block Your Lost/Stolen Mobile’.

2. Follow the Instructions 📝

 Fill out the form with your phone details.
 Provide your IMEI number, mobile number, and personal details.
 Upload the required documents (copy of police report, ID proof, and mobile
purchase invoice if available).

3. Submit & Get a Request ID 🔄

 Once you submit the request, you will get a Request ID.
 Use this ID to track the status of your request.

4. Unblock Your IMEI (If Phone is Found) 📱

If you recover your phone, you can use the same portal to request to unblock the IMEI.

Blocking your phone’s IMEI ensures that no one else can use it, keeping your personal
data and mobile identity safe.
Figure 57 Citizen Centric Services

Here is an alternative method to block your lost or stolen phone’s IMEI.

Steps to Block Your Lost or Stolen Phone’s IMEI

If you lose your phone, follow these steps to block its IMEI number and prevent misuse:

1. File a Police Report 🚔

 Visit your nearest police station and report the lost/stolen phone.
 Keep a copy of the police report—you will need it later.

2. Get a Duplicate SIM Card 📱

 Visit your telecom provider (Airtel, Jio, Vi, BSNL, MTNL, etc.) and request a
replacement SIM card with the same number.
 This is important because OTP verification for IMEI blocking will be sent to this
number.

⚠️ Note: As per TRAI regulations, SMS services on a re-issued SIM are activated only
after 24 hours.
3. Prepare Your Documents 📄

Before applying to block your IMEI, gather these documents:

 A copy of the police report
 Your Identity Proof (Aadhaar, Passport, etc.)
 Mobile purchase invoice (if available)

4. Submit the Request on Sanchar Saathi Portal

🔗 Go to Sanchar Saathi Portal (Government of India).

 Under Citizen Centric Services, click on ‘Block Your Lost/Stolen Mobile’.
 Fill out the IMEI blocking request form and upload the required documents.

5. Get Your Request ID & Track Status 🔄

 After submitting the form, you will get a Request ID.
 Use this ID to track your application or unblock your IMEI later if you recover your
phone.

Blocking your IMEI ensures that no one else can misuse your phone, keeping your
personal data secure.
Figure 58 Steps to Follow in Case of a Lost Mobile Phone (Source: IIPA)

Section 6.6 What to Do if Your Phone Is Lost and Google Pay/Paytm/PhonePe Is
Still Active?

Losing your phone is stressful, but if Google Pay, Paytm, or PhonePe are still active,
act fast to stop anyone from using your money! Follow these simple steps:

1) Block Your SIM Card 📵

 Call your mobile service provider (Airtel, Jio, Vi, BSNL, etc.) and ask them to block
your SIM.
 This stops scammers from getting OTPs and using your payment apps.
2) Lock or Erase Your Phone 🔒

 If you have an Android, go to Google’s "Find My Device".
 If you have an iPhone, use Apple’s "Find My iPhone".
 There, you can:
     Lock your phone so no one can open it.
     Erase everything if you think it's stolen.

3) Deactivate Payment Apps 💰

 Call your bank and tell them to disable UPI services linked to your number.
 Contact Google Pay, Paytm, or PhonePe’s customer care and ask them to
deactivate your account.

4) Call for Quick Help ☎️

📞 Dial 1930 (National Cybercrime Helpline) for emergency support.

By doing this quickly, you can stop scammers from stealing your money! 🚨💙

Section 6.7 How to Use Chakshu Portal to Report Fraud Spam Calls,
Messages?

Getting fake calls, scam messages, or weird WhatsApp texts? Don’t ignore them! The
Chakshu Portal, created by the Government of India, makes it easy to report these
frauds and help stop scammers.

What is the Chakshu Portal?

It’s a simple online platform where you can report suspicious calls, SMS, or WhatsApp
messages that seem like scams. It is part of the Sanchar Saathi website, run by the
Department of Telecom.

What Can You Report?

1. Fake customer care numbers (e.g., “This is your bank, share your OTP”)
2. Fraud bank accounts used for scams
3. Payment wallet scams (Paytm, Google Pay, etc.)
4. Suspicious WhatsApp messages (lottery scams, fake job offers)
5. Any call or message that looks like a fraud

Why Should You Report?

 Your complaint helps police, banks, and cybercrime teams track down scammers
and protect others.
 The portal works with the Digital Intelligence Platform (DIP) to share fraud details
with the right authorities.

If something feels off, report it! Your action can stop a scam before it harms others.

How to Report Suspected Fraud Communication Received through Call on Chakshu Portal?

If you get a suspicious call asking for personal details, OTPs, or money, report it on the
Chakshu Portal to help stop scammers. Here’s how you can do it:

Step-by-Step Guide to Reporting Fraud Calls

Step 1: Go to sancharsaathi.gov.in website and scroll down to Citizen Centric Services.

Step 2: Select the Chakshu option under this tab and then click continue for reporting.
Step 3: Select the fraud category from the drop-down menu and attach a screenshot of
the call.

Step 4: Enter the mobile number from which you got the suspected fraud
communication.
Step 5: Enter the date and time of the fraud call and provide the detailed complaint.

Step 6: Lastly, enter your personal details, verify it with OTP, and submit the complaint.

How to Report Suspected Fraud Communication Received through SMS on Chakshu Portal?

If you receive a suspicious SMS asking for OTPs, bank details, or any scam offer, report
it on the Chakshu Portal to stop fraudsters. Here’s how you can do it in a few simple
steps:

Step 1: Visit the sancharsaathi.gov.in website and navigate to the Citizen Centric
Services section by scrolling down.

Step 2: Choose the Chakshu option from this tab and proceed by clicking on Continue
for reporting.

Step 3: Select Medium as SMS. Now, select the fraud category from the drop-down
menu and attach a screenshot of the message you received.

Step 4: Choose the type of suspected SMS, whether received with a short code
(example AX-BCDEFS) or without a short code.
Step 5: Input the mobile number from which you received the suspected fraudulent
communication.

Step 6: Specify the date and time of the fraudulent call and provide a detailed
complaint.

Step 7: Finally, fill your personal information, verify it with OTP, and submit the
complaint.

How to Report Suspected Fraud Communication Received through WhatsApp on Chakshu Portal?

If you receive scam messages or fake calls on WhatsApp, you can report them on the
Chakshu Portal to help stop fraudsters. It’s also important to report the number
directly to WhatsApp so they can block the sender and prevent further scams.

Step-by-Step Guide to Reporting Fraud on WhatsApp

Step 1: From the Chakshu menu, select Medium as WhatsApp.


Step 2: Select the fraud category from the drop-down menu and attach a screenshot of
the message you received.

Step 3: Choose the type of suspected WhatsApp communication, whether it is a
WhatsApp Call or WhatsApp message.

Step 4: Enter the mobile number linked to the suspected fraudulent communication.

Step 5: Indicate the date and time of the fraudulent call and provide a comprehensive
complaint.

Step 6: Lastly, input your personal information, authenticate it with an OTP, and
proceed to submit the complaint.

Section 6.8 How to Approach Consumer Court for Cybercrime?

If you’ve been cheated online, lost money in a fraudulent transaction, or faced a data
breach, you can approach the consumer court to seek justice. Consumer courts help
protect your rights if you’ve been wronged by an online service, bank, e-wallet, or any
digital platform.

When Can You File a Complaint?


You can go to the consumer court if you have faced:

A. Online Fraud: If you were scammed while shopping or making payments
online.
B. Unauthorized Digital Services: If someone misused your internet banking,
e-wallet, or subscriptions.
C. Data Breach: If a company leaked or misused your personal data, causing harm
or loss.

Steps to File a Complaint in Consumer Court:

Step 1: Gather Proof

 Take screenshots of messages, emails, and bank transactions.
 Collect bills, receipts, or any documents related to the issue.

Step 2: File a Complaint

 Visit your nearest consumer court or file online at www.ncdrc.nic.in.
 You can also call the consumer helpline at 1800-11-4000 or 1915, or send an SMS to
8800001915.
 Fill out the complaint form with your details, what happened, and attach your
evidence.

Step 3: Submit the Complaint

 Submit the completed form with the required documents.
 You may have to pay a small fee.

Step 4: Attend the Hearings

 The court will call you for hearings.
 Present your case clearly and provide all necessary proof.
 You can take help from a legal expert or consumer rights organization if needed.

Where to File the Complaint?


The consumer court you approach depends on the amount of money involved in the case:

I. District Consumer Forum: If the claim is up to ₹50 lakhs.
II. State Consumer Commission: If the claim is between ₹50 lakhs and ₹2 crores.
III. National Consumer Commission: If the claim is above ₹2 crores.

Tip: Act fast! The sooner you file your complaint, the better your chances of getting justice.
Your complaint can also help prevent similar frauds from happening to others.

Section 6.9 How to Report Cyber Abuse on Social Media?

Social media is a great place to connect, but it can also be used to harass, threaten, or
deceive people. If you or someone you know is facing cyber abuse, it’s important to
report it immediately.

Common Types of Cyber Abuse

i. Cyberbullying – Repeated online harassment, insults, or threats.
ii. Online Stalking – Constantly tracking someone’s activities online.
iii. Impersonation – Creating fake profiles to scam or harm others.
iv. Hate Speech – Posting offensive or hateful content against individuals or
groups.
v. Phishing & Scams – Trick attempts to steal personal details or money.

Where to Report Cyber Abuse?

1) Report on the Government Cybercrime Portal

 The Government of India has a dedicated cybercrime reporting portal:
🔗 https://cybercrime.gov.in/ (Managed by the Ministry of Home Affairs)
 You can report cyberbullying, stalking, harassment, and other online abuse
here.
 You can also track your complaint status and get support from local cybercrime
units.

2) Report Directly on Social Media Platforms

Most social media apps have tools to report abuse:
✔ Facebook – Report posts, comments, profiles, or messages.
✔ Instagram – Report abusive content, fake profiles, or cyberstalking.
✔ Twitter/X – Report offensive tweets or accounts violating policies.

How to Report?

 Open the post, comment, or profile.
 Click ‘Report’ or ‘Flag’ the content.
 Choose the reason (harassment, hate speech, scam, etc.).
 Submit the report—platforms review complaints and take action!

Why Reporting is Important?

 Stops the abuser from targeting more people.
 Helps authorities take legal action against cybercriminals.
 Ensures social media remains a safe space for everyone.

If you feel threatened or in danger, contact the police or cybercrime helpline
immediately. You don’t have to face online abuse alone!

Section 6.10 Lodging a Cyber Crime Complaint on the National Cyber-Crime Portal

If you are a victim of cybercrime, you don’t need to visit a police station—you can
report it easily online through the National Cybercrime Portal at cybercrime.gov.in.

This government website allows you to:

 Report any type of cybercrime from anywhere, anytime.
 Track the progress of your complaint using your acknowledgement number and
registered phone number.

How Does It Work?

 While filing a complaint, you can select your State/UT from the portal.
 Your complaint is then automatically sent to the cyber police in your state.
 If it’s an urgent matter, or if you need an FIR immediately, you can also visit your
local police station for faster action.

This quick and simple process ensures that you get help without the hassle of visiting
a police station!

Steps to File a Complaint on National Cyber-Crime Portal:

a) To file a complaint on the centralized portal by the Government of India
(cybercrime.gov.in), one could take cues from the steps mentioned below:

Step 1 - Open the web portal https://cybercrime.gov.in/
Step 2 - On the homepage of the portal, the victim would find multiple tabs to access. Next
to the home tab, there are two other tabs, viz. Report Women/Child-Related Crime and
Report Other Cyber Crime.
Step 3 - To report a women/child-related cybercrime, the victim can click on the ‘Report
Women/Child-Related Crime’ tab. Following this step, a drop-down menu would appear
with two options: ‘Report Anonymously’ or ‘Report & Track a Complaint.’
Step 4 - The victim can select the ‘Report Anonymously’ tab if the victim does not
want to reveal her/his identity. The cybercrime report would be filed anonymously on the
portal without any registration (i.e., without collecting any personal information of the
victim such as email ID, mobile number, etc.).
Step 5 - The victim has to then click on the ‘File a complaint’ tab followed by the ‘I accept’
tab to report a cybercrime. The victim must read all the conditions carefully and then
accept them.
Figure 59 Filing a complaint on National Cyber Crime Reporting Portal

Step 6 - Fill in the complaint and incident details as asked in the following form. Once the form is completed, the victim has to click on the ‘Save & Next’ tab to move to the next part of the report.

Step 7 - These details would be followed by the suspect details, if any. After clicking on the ‘Save & Next’ tab, the victim can preview the form and re-check all the details entered in the report.

Step 8 - Finally, the victim has to submit the report by clicking the ‘Submit’ tab on the screen.

Step 9 - However, if the victim selects the ‘Report & Track’ tab, a box to enter the citizen login details appears on the screen, where the victim would be asked to fill in the state in which the crime occurred along with personal information such as a login ID (same as the email ID of the victim) and mobile number of the victim.

Figure 60 Registering a New User on the National Cyber Crime Reporting Portal

Step 10 - The victim would receive an OTP on the registered mobile number and then, the victim can report the crime on the portal. After successfully logging in, the victim can choose the respective area of cybercrime and register a complaint.

Step 11 - The victim would be asked to fill in the relevant details of the cyber-crime.

Step 12 - However, if the victim selects the ‘Report Other Cybercrimes’ tab on the homepage, the victim will directly reach the page with the ‘File a Complaint’ tab. From here onwards, the victim must follow the same steps as above in the ‘Report Anonymously’ tab.
b) Tracking the Complaint Status on the National Cyber-Crime Portal

Step 1 - As soon as the victim has registered a complaint on the cybercrime portal, the victim would receive an acknowledgement number, both on the login ID and on the registered mobile number, to track the status of the complaint. All further communication regarding the investigation will be done through the registered mobile number/the login ID of the victim.

Step 2 - The victim would click on the ‘Report and Track’ tab to check the status of the cyber complaint. The complaint status can be tracked through the given acknowledgement number and an OTP that would be generated as the victim enters the portal.

Step 3 - The victim would enter the login ID, the mobile number, the OTP, and the captcha. As the victim clicks on the ‘Submit’ tab, the victim would receive the following screen with the status of the complaint updated by the police and the date on which the action was taken (Figure 61).

Figure 61 To track the complaint status (Source: National Cyber Crime Reporting Portal)

Note: Other tools like DigiLocker and Blockchain technology, which are used to
safeguard digital data, will be explored in the subsequent chapters.

Section 6.11 Simple Ways to Stay Safe Online & Avoid Cyber Scams
As the saying goes, “It’s better to be safe than sorry.” With cybercriminals using new
tricks every day, it’s important to stay alert and protect yourself from online frauds,
hacking, and financial scams. By following these simple digital safety tips, you can keep
your personal information secure and avoid becoming a victim.

Essential Cyber Safety Tips

i. Use a Good Antivirus Software

• Install reliable antivirus software on your phone, laptop, and tablet.
• It helps detect and block viruses, malware, and online threats before they harm your device.

ii. Turn On Your Firewall

• A firewall acts like a security guard between your device and the internet.
• It blocks suspicious activities and protects against cyberattacks.

iii. Create Strong, Unique Passwords

• Avoid using common passwords like 123456 or password.
• Use a mix of letters, numbers, and symbols for added security.
• Never reuse the same password for different accounts.

iv. Enable Multi-Factor Authentication (MFA)

• Adding an extra step—like an OTP or fingerprint—makes it harder for hackers to break into your accounts.
• Always turn on MFA for bank accounts, social media, and email.

v. Be Careful with Emails & Attachments

• Don’t open emails from unknown senders—they may contain viruses or phishing scams.
• If an email looks suspicious, don’t click on links or download attachments.

vi. Use a VPN on Public Wi-Fi

• Public Wi-Fi (like in cafes or airports) is not secure, and hackers can steal your data.
• A VPN (Virtual Private Network) protects your internet activity by keeping it private and encrypted.

vii. Regularly Check Your Bank & Social Media Accounts

• Look out for any strange activity in your banking, email, or social media accounts.
• If you see anything unusual, change your password immediately and report it.

viii. Be Wary of Public Wi-Fi & Free Downloads

• Hackers often set up fake Wi-Fi hotspots to steal passwords and data.
• Avoid using public Wi-Fi for banking or logging into important accounts.

Section 6.12 Beware of OTP Theft Through Merged Calls & Fake Screenshots

Cybercriminals have developed new ways to steal money by tricking people into
sharing their OTPs (One-Time Passwords) or believing fake payment confirmations.
Two of the most common scams today are:

I. Stealing OTPs through merged calls
II. Using fake payment screenshots to commit fraud

If you’re not careful, these tricks can empty your bank account in seconds. This section
will explain how these scams work, how to spot them, and, most importantly, how to
protect yourself.

I. OTP Theft Through Merged Calls

How This Scam Works

Scammers use merged calls to make you believe you’re speaking to a real bank official or company representative. Here’s how they do it:

• You receive a call from someone claiming to be from your bank, mobile service provider, or a delivery company.
• They tell you there’s an issue with your bank account, credit card, KYC update, or a recent transaction.
• They then merge your call with an automated banking system, making it sound official.
• You receive an OTP on your phone and are told to share it for verification.
• The moment you share the OTP, the scammer completes a fraudulent transaction in your name.

Red Flags to Watch Out For

• The caller pressures you to act quickly.
• They merge your call with a fake banking system.
• They say things like "This is a routine security check" or "We need to verify your identity."
• You receive an OTP without requesting it.

How to Protect Yourself

• NEVER share OTPs with anyone, even if they claim to be from your bank.
• Banks and service providers NEVER ask for OTPs over the phone—this is always a scam.
• Hang up immediately if a caller asks for an OTP.
• If you receive an OTP you didn’t request, ignore it and report the call to your bank or the cybercrime helpline (1930).

II. Fake Payment Screenshot Scam

How This Scam Works

This scam is common among online sellers on platforms like OLX, Facebook Marketplace, WhatsApp groups, or small business websites. Scammers pretend to make a payment but never actually send the money.

• A scammer contacts you to buy something from you.
• They claim they have already sent the money via UPI (Google Pay, Paytm, PhonePe) or bank transfer.
• They send you a fake payment screenshot that looks real.
• They pressure you to confirm the order, ship the product, or even "refund" the money to them.
• By the time you check your account and realize no payment was actually received, the scammer is gone.

Advanced Version of This Scam – OTP Request for “Confirmation”

• Some scammers take it a step further and ask for an OTP to “verify” or “confirm” the transaction.
• The OTP is actually for a fraudulent payment from your account to theirs.
• If you share the OTP, your money is gone instantly.

Red Flags to Watch Out For

• The buyer is in a hurry and insists they’ve already sent the payment.
• They send a screenshot as proof instead of waiting for you to check your account.
• They ask you to "refund the extra money" they "accidentally sent."
• They request an OTP to "confirm the payment."

How to Protect Yourself

• Always check your bank or UPI app before confirming any payment. Never trust screenshots.
• UPI transactions happen instantly—if the money isn’t in your account, the payment was never made.
• Never share an OTP for a payment confirmation—this is always a scam.
• If you suspect fraud, report the scam to the cybercrime helpline (1930) or cybercrime.gov.in.

Other OTP Theft Techniques Used by Scammers

Apart from merged calls and fake payment screenshots, scammers use many other
tricks to steal OTPs. Here are 12 common techniques they use:

1. Phishing Calls (Fake Customer Care Calls)

• Scammers pretend to be from your bank or UPI app.
• They say there’s a problem with your account and ask you to share an OTP to fix it.
• The OTP approves a fraudulent transaction.

Stay Safe: Banks & UPI apps NEVER ask for OTPs over the phone. Hang up!

2. Social Engineering (Manipulation Scams)

• Scammers use fear, urgency, or trust to make victims share OTPs.
• They may say "Your account will be blocked in 5 minutes unless you verify this OTP!"

Stay Safe: Always stop and think before sharing an OTP.

3. SIM Swap Fraud

• Scammers collect your personal details and request a new SIM card in your name.
• Once activated, they receive all your OTPs.

Stay Safe: If your SIM stops working suddenly, contact your provider immediately.

4. Remote Access Scam (Fake Tech Support)

• Scammer asks you to download AnyDesk or TeamViewer to "fix an issue."
• Once installed, they remotely control your device and steal OTPs.

Stay Safe: Never install screen-sharing apps for unknown callers.

5. Fake QR Code Scam

• Scammer sends a QR code via WhatsApp, SMS, or email to help you "receive a payment."
• Scanning it requests an OTP, which transfers your money to scammers.

Stay Safe: QR codes are for paying, not receiving money.

6. WhatsApp Account Hijacking

• Scammers send a WhatsApp OTP and then call, pretending to be support.
• If you share it, they hijack your account and scam your contacts.

Stay Safe: Enable two-step verification on WhatsApp.

7. Fake KYC Update Scam

• Scammers claim "Your UPI or bank account will be blocked unless you update KYC."
• They ask for an OTP to "verify your details."

Stay Safe: Only update KYC through official bank apps.

8. Fraud Loan Apps & Fake Investment Scams 💰

• You download an unverified finance app that asks for an OTP.
• The OTP allows scammers to access your financial accounts.

Stay Safe: Use only verified apps from Google Play Store or App Store.

9. Fake Delivery OTP Scam

• A scammer pretending to be Amazon, Flipkart, or a courier service asks for an OTP.

Stay Safe: Only enter delivery OTPs in official apps.

Stay Alert, Stay Safe!

Scammers succeed when people panic or act without thinking. Now that you know how
these scams work, you can stay one step ahead and protect yourself.
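
The red flags listed in this section can be applied mechanically to an incoming message or call transcript. The Python sketch below is an added example, not part of the book: the rule names, keyword patterns, verdict labels and sample messages are assumptions constructed for illustration. It also handles the case a naive keyword check gets wrong, a bank's own "never share your OTP" warning, which must not be flagged.

```python
import re

# Red flags come from the section above; the patterns themselves are assumptions.
# A request to hand over an OTP: a "share/verify/..." verb followed by "OTP".
OTP_ASK = re.compile(
    r"\b(?:share|tell|give|send|provide|confirm|verify|read out)\b"
    r"[^.!?]*?\b(?:otp|one[- ]time password)\b", re.I)
# A negation directly in front of that verb ("never share", "do not ever share").
NEGATED = re.compile(r"\b(?:do not|don['’]?t|never)\s+(?:\w+\s+)?$", re.I)

OTHER_RULES = {
    "urgency": re.compile(
        r"\b(?:immediately|urgent(?:ly)?|right now|will be blocked|"
        r"(?:in|within) \d+ (?:minutes?|hours?))\b", re.I),
    "kyc_update": re.compile(r"\bkyc\b", re.I),
    "remote_access_app": re.compile(
        r"\b(?:any ?desk|teamviewer|screen[- ]sharing)\b", re.I),
    "qr_to_receive": re.compile(
        r"\bqr\b[^.!?]*\b(?:receive|get|collect)\b|"
        r"\b(?:receive|get|collect)\b[^.!?]*\bqr\b", re.I),
    "refund_overpayment": re.compile(
        r"\b(?:refund|return|send back)\b[^.!?]*"
        r"\b(?:extra|excess|by mistake|accidentally)\b|"
        r"\b(?:extra|excess|by mistake|accidentally)\b[^.!?]*"
        r"\b(?:refund|return|send back)\b", re.I),
    "screenshot_as_proof": re.compile(r"\bscreenshot\b", re.I),
}

# Flags the section treats as decisive ("this is always a scam").
HIGH_RISK = {"otp_request", "remote_access_app",
             "qr_to_receive", "refund_overpayment"}


def asks_for_otp(message):
    """True if any sentence asks for an OTP and the request is not negated."""
    for sentence in re.split(r"(?<=[.!?])\s+", message):
        for match in OTP_ASK.finditer(sentence):
            if not NEGATED.search(sentence[:match.start()]):
                return True
    return False


def triage(message):
    """Return (verdict, sorted list of red flags) for one message."""
    flags = {name for name, rx in OTHER_RULES.items() if rx.search(message)}
    if asks_for_otp(message):
        flags.add("otp_request")
    if flags & HIGH_RISK:
        verdict = "scam"
    elif flags:
        verdict = "suspicious"
    else:
        verdict = "no red flag"
    return verdict, sorted(flags)


# Constructed sample messages (the first is the threat quoted in item 2 above).
SAMPLES = [
    "Your account will be blocked in 5 minutes unless you verify this OTP!",
    "482913 is your OTP for the transaction. Never share your OTP with anyone.",
    "Sir, I sent 5000 by mistake, screenshot attached. Please refund the extra 4000 now.",
    "Install AnyDesk so our engineer can fix the issue.",
    "Dear customer, update your KYC at the branch this week.",
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(triage(text), "<-", text)
```

A "suspicious" verdict means only that the message deserves a check through the bank's official app or the 1930 helpline; keyword rules like these miss rephrased scams and are a teaching aid, not a filter to rely on.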

Section 6.13 Legal Provisions for Cybercrime Prevention and Reporting
Staying safe online isn’t just about using strong passwords and antivirus software—
it’s also important to know your legal rights. If you ever become a victim of cybercrime,
the law is on your side. In India, cybercrime cases are handled under various legal
provisions that protect victims and punish offenders.

Below is a summary of key provisions from the BNSS (Bharatiya Nagarik Suraksha Sanhita, 2023),
IPC 1860 (Indian Penal Code, 1860), and IT Act 2000 (Information Technology Act,
2000), which outline the responsibilities of law enforcement and the legal protections
available to victims of cybercrime.

Section 6.14 Summary of Key Provisions in BNSS, IPC, and IT Act for Cybercrime:

Act/Section | Description | Key Provisions
BNSS Section 173(1)(ii) | Electronic Communication & e-FIR | • Information on cognizable offence can be given electronically. • Must be signed within three days. • Recorded in the police station's diary and e-FIR register.
BSA Section 2(1)(d) | Definition of Documents | • Includes electronic and digital records as documents. • Admissible as evidence in court.
BNSS Section 2(8) | Definition of Document | • Encompasses matter recorded in any form, including electronic and digital records.
SOP on Zero-FIR Process | Zero-FIR Registration | • Registered in case of cognizable offence outside the jurisdiction. • Must be transferred to the correct police station through CCTNS. • No annual serial number, only '0' mentioned.
BNSS Section 174(1)(ii) | Non-Cognizable Cases | • Police must forward daily diary report of non-cognizable offences fortnightly to the Magistrate.
BNSS Sections 179 & 180 | Summoning and Examining Witnesses | • Police can summon persons acquainted with case facts. • Certain individuals (women, minors, elderly, disabled, or acutely ill) cannot be summoned to the station but can be examined at their residence.
BNSS Section 94 | Summons to Produce Documents | • Courts or police can issue summons for documents or electronic communications necessary for investigation. • Entities like banks and social media platforms can be asked to provide records.
BNSS Section 105 & 185 | Search and Seizure | • Search and seizure must be recorded through audio-video means. • List of items seized to be sent to Magistrate within 48 hours. • Seized property suspected to be from criminal activity can be attached with court approval.
BNSS Section 107 | Property Attachment and Forfeiture | • Police can apply for attachments of property obtained from criminal activity. • Courts may order attachment after considering explanations. • Proceeds of crime to be distributed to affected individuals or forfeited to the government.
BNSS Section 202 | Cheating through Electronic Means | • Offences related to cheating via electronic communication can be tried in the jurisdiction where messages were sent or received.
BNSS Section 35 | Arrest without Warrant | • Police can arrest without a warrant if necessary to prevent further offences or for proper investigation. • Compliance with Supreme Court guidelines is required. • Checklist and reasons for arrest to be provided to the Magistrate.
BNSS Section 43 | Arrest of Women | • Women can only be arrested by female officers. • No arrest after sunset and before sunrise unless permitted by the court.
BNSS Section 349 | Collection of Specimen Signatures, Handwriting, and Voice Samples | • The Magistrate can order a collection of these samples for investigation. • Samples to be collected in the presence of witnesses. • Process to be recorded and samples sent to forensic labs for examination.
BNSS Section 193 | Completion of Investigation | • Investigation to be completed without unnecessary delay. • Cases under certain sections to be completed within two months. • Progress of investigation to be communicated to informant or victim within 90 days.
BNSS Section 112 & 114 | Investigation Outside India | • Courts can issue letters of request to authorities in other countries for collecting evidence. • Courts can issue warrants for arrest in contracting states through specified authorities.

IPC Section 354D | Stalking (Cyberstalking) | • Defines stalking, including online stalking of women. • Punishable with imprisonment for up to 3 years and fines.
IPC Section 378 & 379 | Theft | • Includes theft of digital data or unauthorized access to digital information. • Punishable with imprisonment and fines.
IPC Section 420 | Cheating and Fraud (Online Fraud) | • Covers cheating and dishonestly inducing delivery of property through online means. • Punishable with imprisonment for up to 7 years and fines.
IPC Section 500 | Defamation | • Online defamation or posting defamatory content on social media is punishable under this section.
IPC Section 503 & 507 | Criminal Intimidation | • Covers sending threatening messages through email or other digital communication. • Punishable with imprisonment and fines.
IPC Section 509 | Insult to Modesty of Women (Online Harassment) | • Covers sexual harassment or offensive remarks against women on digital platforms. • Punishable with imprisonment for up to 3 years and fines.
IPC Section 463 & 465 | Forgery (Digital Forgery) | • Involves the creation of false digital documents or electronic records for the purpose of cheating. • Punishable with imprisonment and fines.
IPC Section 468 | Forgery for the Purpose of Cheating (Cyber Frauds) | • Covers the creation of fake electronic records to cheat individuals or institutions. • Punishable with imprisonment for up to 7 years.
IPC Section 469 | Forgery for Harming Reputation | • Includes creating fake online profiles or emails to defame or harm someone’s reputation. • Punishable with imprisonment up to 3 years.

IT Act Section 43 | Penalty for Unauthorized Access | • Covers penalties for gaining unauthorized access to computers, networks, or data. • Liability to pay compensation for damage caused to the affected person.
IT Act Section 66 | Hacking | • Defines hacking with intent to destroy, delete, or alter information in computer resources. • Punishable with imprisonment up to 3 years and fines.
IT Act Section 66C | Identity Theft | • Involves the use of someone else's identity, including digital signatures or passwords, without their permission. • Punishable with imprisonment up to 3 years and fines.
IT Act Section 66D | Cheating by Personation (Cyber Impersonation) | • Covers online fraud where an individual impersonates another person to deceive others. • Punishable with imprisonment up to 3 years and fines.
IT Act Section 66E | Violation of Privacy (Digital Privacy) | • Involves capturing, publishing, or transmitting images of private areas of any person without their consent. • Punishable with imprisonment up to 3 years and fines.
IT Act Section 67 | Publishing Obscene Material Online | • Covers publishing or transmitting obscene material in electronic form, including on social media. • Punishable with imprisonment for up to 5 years and fines.
IT Act Section 67A | Publishing or Transmitting Sexually Explicit Material | • Deals with online pornography and transmitting sexually explicit material. • Punishable with imprisonment for up to 7 years and fines.
IT Act Section 67B | Child Pornography | • Covers publishing, browsing, or downloading child pornography online. • Punishable with imprisonment for up to 5 years and fines.
IT Act Section 69 | Powers to Issue Directions for Interception | • Government authority can issue orders for monitoring, decrypting, or intercepting any information through computer resources for security purposes.
IT Act Section 69A | Blocking Public Access to Information | • The Government has the power to block public access to any information for national security or public order reasons.
IT Act Section 70 | Protection of Critical Information Infrastructure | • Unauthorized access to critical information infrastructure is punishable with imprisonment of up to 10 years.
IT Act Section 72 | Breach of Confidentiality and Privacy | • Penalizes any individual who secures access to confidential information or data without the consent of the person concerned.
IT Act Section 73 | Publishing False Digital Signatures | • Deals with the intentional publishing of false digital signatures to harm others. • Punishable with imprisonment and fines.

Section 6.15 Some of the Initiatives by the Government of India to Prevent Cybercrimes
The Indian Government has implemented a range of initiatives to strengthen
cybersecurity and combat the growing threat of cybercrimes. These efforts encompass
legal frameworks, specialized agencies, and public awareness programs aimed at
safeguarding digital infrastructure and protecting citizens from online threats. The list
of various initiatives taken by the Government of India under different categories is
given hereunder:

S. No. | Name of Initiatives | Explanation

Category 1: Some of the Platforms Initiated by GoI

1.1 | Digital Intelligence Platform (DIP) | This system uses data analytics and AI to make government services more efficient and responsive. It enables departments to make informed, real-time decisions, improve service delivery, and implement policies effectively, ensuring that actions are timely and relevant to community needs. Currently, there is no dedicated official website for DIP as it is an internal initiative. For more information, you can visit the Digital India program website: https://www.digitalindia.gov.in/.
1.2 | Sanchar Saathi Portal | The Sanchar Saathi Portal, launched by the Department of Telecommunications, is here to help telecom users in India stay safe. It allows you to track and block your lost or stolen mobile phones, ensuring your data remains secure. The portal also offers tips and guidelines to protect yourself from scams and prevent the misuse of your mobile connections, making it easier to manage your telecom safety. The official website for the Sanchar Saathi Portal is: www.sancharsaathi.gov.in.
1.3 | National Cybercrime Reporting Portal | This is an initiative by the Ministry of Home Affairs to provide a centralized platform for citizens to report various types of cybercrimes, particularly those related to women and children. It enables victims to file complaints easily and access resources for awareness and prevention, ensuring a safer online environment. The official website for the National Cybercrime Reporting Portal is: www.cybercrime.gov.in.
1.4 | Cyber Swachhta Kendra | This, also known as the Botnet Cleaning and Malware Analysis Centre, is an initiative under the Digital India program aimed at creating a secure cyber ecosystem. It provides tools and services to detect and remove malware, helping individuals and organizations protect their systems from cyber threats. The official website for Cyber Swachhta Kendra is: www.cyberswachhtakendra.gov.in.

Category 2: Some of the Capacity Building and Awareness Initiatives by GoI

2.1 | Cyber Dost | This is a social media initiative by the Ministry of Home Affairs aimed at spreading awareness about cybersecurity and safe online practices among citizens. It provides tips, guidelines, and updates on preventing cybercrimes and staying safe in the digital world through various social media platforms. The official website for Cyber Dost information is: www.cyberdost.gov.in.
2.2 | Cyber Surakshit Bharat | This initiative is a program launched by the Ministry of Electronics and Information Technology (MeitY) to strengthen cybersecurity in India. It focuses on building awareness and capacity among government officials, especially those handling critical information infrastructure, through training and workshops on best practices in cybersecurity. The official website for more information is: www.meity.gov.in.
2.3 | Cyber Crime Prevention against Women and Children (CCPWC) | This is an initiative by the Ministry of Home Affairs aimed at addressing and preventing cybercrimes specifically targeting women and children. It provides a comprehensive framework for capacity building, creating awareness, and establishing cyber forensic training labs to tackle these crimes effectively. The official website for CCPWC is: www.cybercrime.gov.in.
2.4 | Samarth Bharat | Samarth Bharat is a capacity-building initiative aimed at training law enforcement officials, judicial officers, and public prosecutors in cybercrime investigation and cyber laws. It focuses on enhancing the digital literacy and skills of officials to effectively combat cybercrimes and ensure robust digital governance. More information about this is available on https://www.negd.gov.in/.
2.5 | National Digital Crime Resource & Training Centre (NDCRTC) | The National Digital Crime Resource & Training Centre (NDCRTC) provides specialized training and resources to law enforcement agencies, judicial officers, and public prosecutors for effectively investigating and prosecuting cybercrimes. It aims to enhance the skills and knowledge of officials dealing with digital crimes. There is no dedicated official website for the National Digital Crime Resource & Training Centre (NDCRTC). However, more information can be found on the Bureau of Police Research and Development (BPRD) website: www.bprd.nic.in.

Category 3: Some of the Legal & Policy Framework by GoI

3.1 | National Cyber Security Policy, 2013 | This is a comprehensive framework formulated by the Government of India to protect the nation’s digital ecosystem from cyber threats. It aims to secure cyberspace, promote a safe and resilient digital environment, and strengthen the infrastructure for cybersecurity, with a focus on protecting citizens, businesses, and government. The official website for more information is: www.meity.gov.in.
3.2 | Information Technology Act, 2000 (Amended in 2008) | This was amended in 2008 and is the primary legislation in India governing electronic commerce and cybercrime. The amendment introduced stringent measures to address cyber offences such as identity theft, cyber terrorism, and data protection, providing a legal framework for secure electronic transactions and digital governance. The official website for more information is: www.meity.gov.in.
3.3 | Bharatiya Nagarik Suraksha Sanhita, 2023 | The Bharatiya Nagarik Suraksha Sanhita (BNSS) 2023 is a new legislation that replaces the old Code of Criminal Procedure (CrPC), 1973. It aims to modernize the criminal justice system by introducing specific timelines for investigations and trials, enhancing transparency through measures like audio-video recording of searches, and providing stronger protections for vulnerable groups. The official website for more information is: https://www.mha.gov.in/
3.4 | Digital Information Security in Healthcare Act (DISHA) | This is a proposed legislation aimed at safeguarding the digital health data of individuals in India. It seeks to establish standards for data privacy, security, and confidentiality within the healthcare sector, ensuring that personal health information is protected against unauthorized access and misuse. For this, one can visit the Ministry of Health and Family Welfare’s website: www.mohfw.gov.in.

Category 4: Some Govt Institutes related to Cybersecurity by GoI

4.1 | National Database of Sexual Offenders (NDSO) | The National Database of Sexual Offenders (NDSO) is a registry maintained by the Ministry of Home Affairs to track and monitor individuals convicted of sexual offences. It is used by law enforcement agencies to prevent repeat offences and ensure community safety by keeping a close watch on such offenders. Currently, there is no direct public access to the National Database of Sexual Offenders (NDSO). However, more information can be found on the Ministry of Home Affairs' official website: www.mha.gov.in.
4.2 | National Cybercrime Forensic Laboratory (NCFL) | This is an advanced facility under the Indian Cybercrime Coordination Centre (I4C) designed to support law enforcement agencies in the investigation of cybercrimes. It provides specialized tools and expertise for digital forensics, aiding in the analysis of cyber offences and enhancing the overall capacity to combat cyber threats. The official website for more information is: www.cybercrime.gov.in.
4.3 | National Critical Information Infrastructure Protection Centre (NCIIPC) | It is an organization under the National Technical Research Organisation (NTRO) tasked with protecting India's critical information infrastructure from cyber threats. It focuses on safeguarding assets in sectors such as energy, banking, defence, and telecommunications, ensuring the resilience and security of essential services. The official website for NCIIPC is: www.nciipc.gov.in.
4.4 | Indian Cyber Crime Coordination Centre (I4C) | This is an initiative by the Ministry of Home Affairs designed to combat cybercrime in a coordinated and comprehensive manner. It serves as a central hub for law enforcement agencies, providing them with tools, resources, and data analytics to tackle various cyber threats and offences effectively across the country. The official website for I4C is: www.cybercrime.gov.in.
4.5 | Indian Computer Emergency Response Team (CERT-In) | This is the national nodal agency established under the Ministry of Electronics and Information Technology (MeitY) to respond to cybersecurity incidents and enhance the security of India's digital infrastructure. It monitors and mitigates cyber threats, issues alerts and advisories, and provides incident response support to both government and private organizations. The official website of CERT-In is: www.cert-in.org.in.
4.6 | Data Security Council of India | The Data Security Council of India (DSCI) is a premier industry body established by NASSCOM, aimed at promoting data protection, cybersecurity, and privacy practices in India. It collaborates closely with the Government of India and other stakeholders to develop best practices, policies, and frameworks for securing digital infrastructure. The official website of the Data Security Council of India (DSCI) is https://www.dsci.in (Data Security Council of India).

Category 5: Some Cyber Commandos Initiatives of GoI

5.1 | National Cybercrime Reporting Portal | This portal allows citizens to report cybercrimes online, including financial fraud, cyberbullying, and other digital offences. It is designed to facilitate easy and efficient reporting and tracking of cybercrime incidents. The official website of the National Cybercrime Reporting Portal is: https://www.cybercrime.gov.in/
5.2 | National Cybercrime Threat Analytics Unit (TAU) | A specialized unit focused on analysing cybercrime threats and generating actionable intelligence to assist law enforcement agencies in preventing and investigating cybercrimes. The official website of the National Cybercrime Threat Analytics Unit is: https://www.mha.gov.in/en
5.3 | National Cybercrime Forensic Laboratory (NCFL) Ecosystem | This laboratory provides advanced forensic tools and technologies for the analysis of digital evidence. It supports law enforcement agencies in investigating and prosecuting cybercrimes. The official website of the National Cybercrime Forensic Laboratory (NCFL) Ecosystem is: https://i4c.mha.gov.in/
5.4 | National Cybercrime Training Centre (NCTC) | A dedicated training centre that offers courses and resources to law enforcement personnel, enhancing their capabilities in handling cybercrime cases effectively. Training resources are available at: https://cytrain.ncrb.gov.in/
5.5 | Platform for Joint Cybercrime Investigation Team | This platform enables collaboration and data sharing among law enforcement agencies, facilitating coordinated investigations into complex cybercrime cases. More details can be found on the Ministry of Home Affairs website.

(Note: This serves as an initial summary; further elaboration will follow in the
upcoming chapters.)
Section 6.16: Some of the Initiatives by Government of India to Build Cyber Safe Bharat

Strengthening the Security of India's Digital Landscape


Figure 62 Security of India's Digital Landscape

India has emerged as a global leader in the digital space, with an astounding 950 million internet users
as of 2024. This positions the country as one of the most connected nations in the world. Known as
‘Digital Nagariks’, Indians are integrating the internet into almost every aspect of their lives, from
business and education to banking and accessing government services online.

But with this digital boom comes a big challenge: cyber threats are increasing every day. Recognizing
this, the Government of India has introduced strong cybersecurity measures to protect users and create
a safe and trustworthy online environment.

These initiatives are designed to ensure a safe, trustworthy, and secure cyberspace, especially as cyber
threats and attacks continue to rise in today’s interconnected world.
The Indian Government has implemented a range of initiatives to strengthen cybersecurity and
combat the growing threat of cybercrimes. These efforts encompass legal frameworks,
specialized agencies, and public awareness programs aimed at safeguarding digital
infrastructure and protecting citizens from online threats. For reporting any kind of cybercrime, the
Government of India (GoI) has launched a dedicated portal, cybercrime.gov.in (Refer Figure 63),
known as the National Cyber Crime Reporting Portal.

Figure 63 Homepage of Cybercrime.gov.in

Some of these initiatives, in no particular order, are listed below:

1. Toll-free Helpline Numbers for Cyber Victims


Toll-free numbers and their usability

121: This is the all-in-one emergency number that also handles registration of cybercrime complaints. Akin to the erstwhile ‘100’ toll-free number, it is also called the “National Emergency Response (NER)” number.

1930: This is the most important Cyber Crime Helpline number, which you must remember for reporting online financial fraud.

1963 or 1800-11-0420: Subscribers can report any suspicious or fraudulent mobile communication by calling these toll-free numbers.

1915 or 1800-11-4000, or SMS 8800001915: For any consumer grievance, including e-commerce related fraud, you can call 1800-11-4000 or 1915 to register your grievance. Timing: all days except national holidays (08:00 AM to 08:00 PM). Alternatively, send an SMS to 8800001915.

Figure 64 Homepage of Consumerhelpline.gov.in

2. Digital Portals and Platforms


• National Cybercrime Reporting Portal www.cybercrime.gov.in
Figure 65 Homepage of Cybercrime Reporting Portal

As already shared with you, this is a centralized digital platform by the Ministry of Home Affairs
for reporting various types of cybercrimes (Refer Figure 42), including those related to women and
children. It enables victims to file complaints easily and access resources for awareness and
prevention, ensuring a safer online environment.

• Sanchar Saathi portal www.sancharsaathi.gov.in

Figure 66 Homepage of Sancharsaathi.gov.in

The Sanchar Saathi Portal (Figure 66), launched by the Department of Telecommunications,
is here to help telecom users in India stay safe. It allows you to track and block your lost or
stolen mobile phones, ensuring your data remains secure. The portal also offers tips and
guidelines to protect yourself from scams and prevent the misuse of your mobile connections,
making it easier to manage your telecom safety.

• Cyber Swachhta Kendra (CSK) www.cyberswachhtakendra.gov.in

Figure 67 Security Tools as Advised by Cyber Swachhta Kendra

It is a Botnet Cleaning and Malware Analysis website that provides tools and services to detect
and remove malware, helping individuals and organizations protect their systems from cyber
threats. In particular, visit the "Security Tools" section of the website to download the free bot
removal tools provided by partnering antivirus companies such as Quick Heal and e-Scan.

• Cyber Coordination Centre (CyCord) https://i4c.mha.gov.in/

Apart from these platforms for the masses, the Cyber Coordination Centre (CyCord) portal
exists as a one-stop platform for Law Enforcement Agencies (LEAs), government organizations
and other stakeholders, enabling collaboration and data sharing among them to facilitate
coordinated investigations into complex cybercrime cases. The portal also shares with them the
latest information (Refer Figure 68) related to cyber security through popular channels,
including SMSs to the registered phone numbers.

I4C is envisaged to act as the nodal point to curb Cybercrime in the country.
Figure 68 Homepage of Cyber Coordination Centre (CyCord) portal

3. Some of the Capacity Building and Awareness Initiatives


• Cyber Dost
https://x.com/Cyberdost
www.facebook.com/CyberDostI4C/
www.instagram.com/cyberdosti4c/
www.youtube.com/c/CyberDostI4C
www.linkedin.com/company/cyberdosti4c/?originalSubdomain

Cyber Dost is a social media initiative by the Ministry of Home Affairs (MHA), Government of
India, to promote safe online practices among citizens. It regularly provides tips, guidelines, and
updates on preventing cybercrimes on several popular social media platforms such as X
(Twitter), Facebook, Instagram, YouTube, and LinkedIn. As an alert user, you should follow Cyber
Dost on the popular social media channels to get interesting tips and tricks to stay cybersafe.

• Information Security Education and Awareness (ISEA)
https://isea.gov.in/

The Information Security Education and Awareness portal by the Ministry of Electronics and
Information Technology (MeitY) can be regarded as a one-stop portal for the latest
cyber hygiene tips for the masses, under the theme of building cyber-aware digital nagriks
through mass awareness. Apart from this, it also disseminates related technical information
and certifications (Refer Figure 69) for information security professionals and students.

Figure 69 Various ISEA Programs Listed on Homepage


Cyber Jaagrookta (Awareness) Diwas is an initiative launched by the Government of India to
enhance cybersecurity awareness across the nation. It is celebrated on the first Wednesday of
every month. The purpose of this day is to educate and inform citizens about the growing risks
and threats in the digital world and to promote safe online practices.

In today's digital world, cyber threats are evolving rapidly:

• Ransomware attacks are up by more than 200% YoY.
• 60% of organizations have faced breaches through supply chain vulnerabilities.
• 90% of data breaches start with phishing scams.
• Millions of records are breached daily in 2024!

The Government of India (GoI) wants all of us to commit to better security practices
and to stay vigilant against cyber threats. Together, we can create a safer digital world!

• Cyber Surakshit Bharat

https://www.meity.gov.in/cyber-surakshit-bharat-brochure

The GoI has also undertaken several other capacity building initiatives for its officers under
prestigious flagship programs titled ‘Cyber Surakshit Bharat’ (Refer Figure 70) and ‘Samarth
Bharat’. For instance, a consolidated platform called “CyTrain” (cytrain.ncrb.gov.in/) has been
established as a virtual training centre by the National Crime Records Bureau (NCRB) to train
officers of all ranks, including senior officers from States / Union Territories as well as from
Central Police Organizations/Central Armed Police Forces. Apart from this, the National Digital
Crime Resource & Training Centre (NDCRTC) provides specialized training and resources to law
enforcement agencies, judicial officers, and public prosecutors for effectively investigating and
prosecuting cybercrimes.

Figure 70 Homepage of Cyber Surakshit Bharat Programme

• Pratibimb App
The Pratibimb App, launched by the Indian Cyber Crime Coordination Centre (I4C) in
partnership with Jharkhand Police, is India’s first mobile app that provides a real-time
view of cybercrime trends across the country.
With its easy-to-use dashboard, Pratibimb allows you to:

• Track live data on cybercrime incidents, state-wise and category-wise
• Spot emerging scams and fraud patterns in your region
• Access official advisories, awareness videos, and safety tips, all in one place

What makes it powerful is that it's not just for experts — any citizen can use it to stay
informed and alert. Whether you're a student, professional, or homemaker, this app turns
data into awareness and awareness into protection.

Think of it as your personal cyber weather report — showing where digital storms are
brewing, so you can take cover in time.

Download it. Explore it. Talk about it. Because in a cyber-safe Bharat, awareness is
everyone's responsibility.

• Samanvay Platform: One Nation, One Cyber Response


The Samanvay Platform is a secure, government-led digital collaboration tool launched by the
Indian Cyber Crime Coordination Centre (I4C). True to its name — “Samanvay” means
coordination — this platform is designed to bring together all key agencies involved in fighting
cybercrime across India.

It acts as a national-level hub, connecting:

• State and central police forces
• Law enforcement agencies
• Cybercrime investigators and forensic teams
• Regulators like RBI, CERT-In, and more

Through Samanvay, these agencies can share real-time case information, collaborate on
investigations, exchange threat intelligence, and develop unified responses to cyber threats —
whether local or global.

4. Some of the Legal & Policy Frameworks Related to Cyber Security and Cybercrimes

• National Cyber Security Policy, 2013

This is a comprehensive framework formulated by the Government of India
to protect the nation’s digital ecosystem from cyber threats. It aims to
secure cyberspace, promote a safe and resilient digital environment, and
strengthen the infrastructure for cybersecurity, with a focus on protecting
citizens, businesses, and government.

• Information Technology (IT) Act, 2000; amended in 2008


Figure 71 Key Elements of IT Act, 2000

• Bharatiya Nagarik Suraksha Sanhita, 2023

The Bharatiya Nagarik Suraksha Sanhita (BNSS) 2023 is a new
legislation that replaces the old Code of Criminal Procedure (CrPC), 1973.
It aims to modernize the criminal justice system by introducing specific
timelines for investigations and trials, enhancing transparency through
measures like audio-video recording of searches, and providing stronger
protections for vulnerable groups.

5. Some Other Cybersecurity related Government Organisations/Initiatives

• Computer Emergency Response Team-India (CERT-In)
www.cert-in.org.in

This is the national nodal agency established under the Ministry of Electronics and
Information Technology (MeitY) to respond to cybersecurity incidents and
enhance the security of India's digital infrastructure. It monitors and mitigates
cyber threats, issues alerts and advisories, and provides incident response support
to both government and private organizations. Apart from this national level CERT,
there exist several sectoral CERTs too, such as CERT-Fin for the financial sector and so
on.

• National Critical Information Infrastructure Protection Centre (NCIIPC)
www.nciipc.gov.in

Figure 72 Homepage of National Critical Information Infrastructure Protection Centre


Figure 73 Various Critical Information Infrastructure

It is an organization under the National Technical Research Organisation (NTRO) tasked
with protecting India's critical information infrastructure from cyber threats. It focuses
on safeguarding assets in sectors such as energy, banking, defence, and
telecommunications (Refer Figure 73), ensuring the resilience and security of essential
services.

• Indian Cyber Crime Coordination Centre (I4C)

https://i4c.mha.gov.in/

This is an initiative by the Ministry of Home Affairs (MHA) designed to combat cybercrime in a
coordinated and comprehensive manner. It serves as a central hub for law enforcement agencies,
providing them with tools, resources, and data analytics to tackle various cyber threats and
offenses effectively across the country.

• National Cybercrime Forensic Laboratory (NCFL) under i4C
Figure 74 National Cybercrime Forensic Laboratory

As an important vertical of i4C, NCFL is a national laboratory in New Delhi that provides
advanced forensic tools and technologies for the analysis of digital evidence. It supports law
enforcement agencies in investigating and prosecuting cybercrimes.

• Data Security Council of India (DSCI)

https://www.dsci.in

Figure 75 Screenshot of Homepage of Data Security Council of India

The Data Security Council of India (DSCI) is a premier industry body established by
NASSCOM, aimed at promoting data protection, cybersecurity, and privacy practices in India. It
collaborates closely with the Government of India and other stakeholders to develop best
practices, policies, and frameworks for securing digital infrastructure.

• The Bureau of Police Research and Development (BPR&D)
https://bprd.nic.in/

Figure 76 Homepage of BPR&D

The Bureau of Police Research and Development (BPR&D) compiles and publishes the
statistical data on cyber-crime police stations in its publication “Data on Police
Organizations”.

• Cyber Commandos Initiative: The Nation’s New Digital Warriors

With cyber threats rising in today’s digital world, India has taken a bold step to
strengthen its cybersecurity by launching the Cyber Commandos Initiative. These elite
digital warriors are specially trained to detect, prevent, and combat cybercrimes,
ensuring a safe and secure online environment for all citizens.

Who Are Cyber Commandos?

• They are highly skilled cybersecurity experts trained in handling hacking attempts,
online frauds, and cyber threats.
• They work with law enforcement agencies, intelligence units, and cybersecurity
organizations.
• Their mission is to track down cybercriminals, protect digital infrastructure, and
respond to online attacks quickly.

Why Was This Initiative Launched?


With 950 million internet users and a growing digital economy, India faces constant cyber
threats from hackers, scammers, and cyber terrorists. The Cyber Commandos Initiative
was introduced to:

• Strengthen national cybersecurity and prevent large-scale cyberattacks.
• Protect government, corporate, and personal data from cybercriminals.
• Assist law enforcement agencies in solving cybercrime cases faster.

How Do They Work?

• Real-time Cyber Monitoring – They track online threats 24/7.
• Rapid Response Teams – They take immediate action against cybercrimes.
• Public Awareness Programs – They educate people about cybersecurity and online
safety.

How Does This Benefit Citizens?

Thanks to the Cyber Commandos, India is becoming a safer digital space where:

• Scammers and hackers are identified and stopped faster.
• Financial frauds and identity thefts are reduced.
• Citizens can report cybercrimes and get quick action.

Figure 77 The Nation's Frontline Cybersecurity Force

• How to Become a Cyber Commando?

With cyber threats growing every day, India needs skilled digital warriors to protect its
cyberspace. If you’re passionate about technology, cybersecurity, and digital defence, you
can become a Cyber Commando and help safeguard the nation from cybercriminals.

Who Can Become a Cyber Commando?

Anyone with a strong background in cybersecurity, ethical hacking, or digital forensics
can apply. The role is ideal for:

• IT professionals with expertise in cybersecurity.
• Students or graduates in Computer Science, Cybersecurity, or related fields.
• Ethical hackers and security analysts who can track and prevent cyber threats.
• Law enforcement officers with cybercrime investigation skills.

Pathway to Becoming a Cyber Commando

1. Get the Right Education & Skills 🎓

To qualify as a Cyber Commando, technical knowledge is key. You can start with:
• A degree in Cybersecurity, IT, Computer Science, or Digital Forensics.
• Certifications like:
  • Certified Ethical Hacker (CEH)
  • CompTIA Security+
  • Certified Information Systems Security Professional (CISSP)
  • Cisco Certified CyberOps Associate
• Learning hacking techniques, malware analysis, network security, and
data protection.
2. Gain Practical Experience 🛠️
• Work on real-world cybersecurity projects.
• Participate in hacking competitions (CTFs - Capture The Flag) to improve your
skills.
• Join cybersecurity internships or work with law enforcement agencies.
3. Apply for Cyber Commando Training 🏆
The Government of India is recruiting skilled professionals for cyber defense. You
can apply through:

• Government Cybersecurity Agencies – Such as the Indian Cyber Crime
Coordination Centre (I4C), CERT-In, or DRDO’s Cyber Division.
• State Police Cyber Cells – Many states recruit cyber experts to assist in
investigations.
• Private Cybersecurity Firms – Companies like TCS, Infosys, and Wipro also train
cyber professionals who collaborate with law enforcement.
4. Stay Updated & Keep Learning 📚
✔ Cyber threats evolve every day, so Cyber Commandos must continuously update
their skills.
✔ Follow cybersecurity news, trends, and emerging threats.
✔ Join ethical hacking forums and cybersecurity groups.
Section 6.17: India’s Cyber Shield: 7 Zonal Teams to Tackle Digital
Crime

To counter the alarming rise in cybercrime, the Ministry of Home Affairs (MHA) has
launched seven Joint Cyber Coordination Teams (JCCTs) across India. This initiative is
part of the broader Indian Cyber Crime Coordination Centre (I4C) and is designed to
enhance coordination between law enforcement agencies at the state and central levels.

Each team will bring together state police, central law enforcement agencies, and
cybercrime units to share intelligence and respond faster to threats like financial fraud,
phishing, identity theft, and online harassment.

Where the JCCTs Are Located

The seven zonal teams are headquartered in the following states/cities:

1. Delhi
2. Gujarat
3. Karnataka
4. Assam
5. Uttar Pradesh
6. Maharashtra
7. Telangana

These zones will cover surrounding regions as well, allowing for multi-state coordination
and cross-jurisdictional action—especially vital in tracking cybercriminals who operate
from multiple locations.

Why This Matters

Cybercrime doesn’t respect borders. A scam that begins in one state can affect victims in
another within minutes. By forming these regional teams, the government is closing gaps
in response time, improving real-time information sharing, and building a unified
national defence against digital threats.

Section 6.18: RBI’s New Rules to Protect You from Financial Fraud

With more people using online banking and digital payments, the chances of being
scammed have also gone up. To keep us safer, the Reserve Bank of India (RBI) shared new
rules in January 2025 to stop frauds that happen through fake calls and SMS.
Why Mobile Numbers Are at Risk

Your phone number is used for:

• Receiving OTPs
• Getting account updates
• Verifying your identity

But scammers can trick people by using fake or old phone numbers. Sometimes, they even
steal money by pretending to be your bank.

Here’s How RBI Is Protecting You

1. Checking Suspicious Numbers:

Banks must now check a special list of phone numbers that were disconnected or
misused—so they don’t accidentally link them to your account.

2. Safer Calls from Banks:

All official calls will come from numbers starting with 1600xx.
Promotional calls will come from 140xx.
No more random 10-digit numbers!

3. Verified Customer Care Info:

RBI asked banks to share correct customer care numbers with the government.
These will be shown on the Sanchar Saathi website.

4. Creating Awareness:

Banks must now educate customers (even in local languages) through SMS and
emails on how to spot and report fraud.

What YOU Can Do

• Always check the number calling you. If it’s not from the 140 or 160 series, be
cautious.
• Don’t share OTPs or account info with anyone over calls or SMS.
• Report scams at cybercrime.gov.in or call 1930.

Section 6.19: Rising Importance of Cyber Insurance in Digital Era
What is Cyber Insurance and Why Do You Need It?

In today’s digital world, protecting your data is just as important as locking your home.
While firewalls, antivirus software, and strong passwords are essential, they aren’t
always enough to stop a cyberattack. That’s where Cyber Insurance comes in.

What is Cyber Insurance?

Cyber insurance is a financial safety net that protects individuals and businesses from the
fallout of a cyberattack or data breach. It covers the costs of recovering from incidents
like:

• Hacking
• Phishing scams
• Ransomware attacks
• Data theft
• System damage or downtime

In simple terms, it helps you bounce back after a digital disaster.

Why is Cyber Insurance Important?

Even the most secure systems can be breached. And when they are, the consequences can
be devastating—not just technically, but financially and legally too.

Here’s what cyber insurance can cover:

• 💸 Financial losses from business interruption or fraud
• 🧑‍💼 Legal fees and regulatory fines
• 🔧 Costs of repairing or restoring data and systems
• 📢 Public relations efforts to manage reputation damage
• 🕵️ Investigation and forensic analysis


Who Needs It?

Everyone who uses the internet.

• Businesses of all sizes (especially those handling customer data)
• Freelancers & Entrepreneurs who rely on digital tools
• Educational institutions
• Even individuals who want to protect their identity and online assets

Conclusion: A Smart Move in a Risky World

Cyber insurance isn’t just an extra expense—it’s a strategic investment in peace of mind.
As cyberattacks grow more common and complex, having this backup plan ensures
you’re not left alone to face the consequences.

Think of it as your digital fire extinguisher—you hope you never need it, but when things
go wrong, you’ll be glad you have it.

Annexure A: Scam Alerts - Do’s & Don’ts You Must Know

This section presents a clear and practical summary of the most common scams reported
in India, along with simple Do’s and Don’ts that can help anyone — from a student to a
senior citizen — stay safe online. These actionable tips are based on verified guidelines
from the Indian Cyber Crime Coordination Centre (I4C), Ministry of Home Affairs.

Think of this annexure as your personal Cyber Kavach — a ready reference you can
revisit, share with family, or even print and pin on your wall. Let’s all be aware, alert, and
armed with the right digital habits.

(Curated from I4C Cyber Safety Handbook, Ministry of Home Affairs, Government of India)

Scam Type, with Do’s ✅ and Don’ts ❌

KYC Scam
  Do’s ✅: Verify KYC requests with your bank directly. Use only official contact numbers.
  Don’ts ❌: Don’t click on suspicious KYC links. Never share OTPs, PINs, or passwords.

Online Job Scam
  Do’s ✅: Use trusted portals. Verify credentials and ask questions in interviews.
  Don’ts ❌: Don’t pay upfront fees. Avoid applying via unverified social media posts.

Online Shopping Fraud
  Do’s ✅: Compare prices across websites. Choose Cash-on-Delivery if unsure.
  Don’ts ❌: Don’t scan QR codes to receive payments. Avoid using public Wi-Fi for transactions.

Digital Arrest Scam
  Do’s ✅: Know that “digital arrest” is fake. Report such video calls immediately.
  Don’ts ❌: Don’t panic or pay under pressure. Don’t trust unverified callers claiming authority.

Investment Scam
  Do’s ✅: Deal only with SEBI-registered intermediaries. Stay informed.
  Don’ts ❌: Don’t believe high-return, no-risk promises. Avoid shady WhatsApp/Telegram groups.

Online Gaming Scam
  Do’s ✅: Supervise children's access. Be cautious with permissions and app downloads.
  Don’ts ❌: Don’t overshare gaming data. Don’t download games from unknown sources.

Lottery Fraud
  Do’s ✅: Question prize messages. Verify claims before responding.
  Don’ts ❌: Don’t pay any “fees” to claim prizes. Don’t trust lottery offers via calls or emails.

Phishing
  Do’s ✅: Hover over links to verify. Report phishing attempts.
  Don’ts ❌: Don’t click unverified links. Don’t share info through pop-ups or fake sites.

Spam/Vishing Calls
  Do’s ✅: Use call blockers. Educate family about such scams.
  Don’ts ❌: Don’t trust caller ID. Never share info on unsolicited calls.

QR Code Scam (Quishing)
  Do’s ✅: Scan only trusted codes. Verify before acting.
  Don’ts ❌: Don’t scan QR codes to receive money. Don’t enter sensitive info post-scan.

Search Engine Fraud
  Do’s ✅: Visit official websites only. Cross-check contact info.
  Don’ts ❌: Don’t trust first search results blindly. Don’t call unknown numbers directly.

Social Media Impersonation
  Do’s ✅: Verify accounts. Report impersonation to platforms.
  Don’ts ❌: Don’t send money based on social media requests. Don’t share private info publicly.

Loan SMS/Email Scams
  Do’s ✅: Cross-check sender details. Report fake messages.
  Don’ts ❌: Don’t click on loan links. Don’t share details or pay fees without confirmation.

Card Fraud
  Do’s ✅: Deactivate unused card features. Cover PIN entry.
  Don’ts ❌: Don’t save PINs on your phone. Don’t ignore transaction alerts.

APK/Fake App Scams
  Do’s ✅: Download only from Play Store or App Store. Keep devices updated.
  Don’ts ❌: Don’t install apps from unknown links. Don’t share banking info on suspicious apps.

Each of these scams may seem different, but the goal of the CyberChor is always the
same — to exploit your trust, your urgency, or your unawareness. The tips provided
above can help you spot red flags early, respond wisely, and most importantly, prevent
loss before it happens.

Remember: One careless click is all it takes. But one informed decision can protect your
money, your data, and your peace of mind.

Please share this knowledge with your loved ones. After all, digital safety is not just
personal — it’s a collective responsibility. Let’s build a #CyberSafeBharat together.
